The security vulnerability in the Keeper Password Manager was almost identical to the one Ormandy discovered and reported in the non-bundled version of the same Keeper plugin in August 2016 that enabled malicious websites to steal passwords.
People really tell me this," Ormandy tweeted. "I don't want to hear about how even a password manager with a trivial remote root that shares all your passwords with every website is better than nothing. Knowing that a third-party password manager now comes installed by default on Windows 10, Ormandy started testing the software and took no longer to discover a critical vulnerability that leads to "complete compromise of Keeper security, allowing any website to steal any password." Some Reddit users complained about the hidden password manager about six months ago, one of which reported Keeper being installed on a virtual machine created with Windows 10 Pro.
Ormandy was not the only one who noticed the Keeper Password Manager.
0 kommentar(er)
