Password Managers Can Be Vulnerable to Malware Attacks [source: pcmag]
by CIRT Team
Password managers are a useful way to keeping your internet accounts safe. But the software that runs them isn’t always perfect.
According to new research, four popular password managers for Windows 10 can actually leak your login credentials to the PC’s memory. That’s bad news in the event your computer has been secretly taken over by malware; a hacker could potentially snatch up the sensitive data when the password manager turns on.
The research, published on Tuesday, comes from Independent Security Evaluators (ISE), a Baltimore-based company that examined the security of four products including 1Password, Dashlane, KeePass, and LastPassFree at LastPass. The company was surprised to find that the products didn’t always encrypt and then delete password data in the PC’s background processes. Even the master password, which can be used to unlock all your stored passwords, can be exposed.
For instance, 1Password7 will decrypt all your individual passwords and store them in the computer’s memory once the application loads up. The login credentials—including the master password—will also persist in the PC’s memory when the product is still running, but in a locked state. “The user must exit the software entirely in order to clear sensitive information from memory,” the research adds.
For more, click here.