Hacking Password Managers

  • 14 July 2014

Userlevel 7
By Ericka Chickowski, 7/14/2014

Researchers find four classes of common vulnerabilities in popular password managers and recommend greater industry scrutiny and more automated ways to find vulnerabilities.

A group of researchers next month will present their findings on a grab-bag of vulnerabilities in Web-based password managers, which they believe to be a wakeup call for the major password manager companies. The technical details are slated to be fully aired out at the Usenix conference in San Diego in late August, but conclusions from the research were released via a peer-reviewed paper made public last week.

2 replies

Userlevel 7
Lots of info there, I will have to go through it again, including the peer-reviewed paper.
Aside from booklets with LastPass, it appears to be secure, therefore WSA manager is as well.
 
Thanks for the info!
Userlevel 7
There are a lot of articles being published about this at present, but as the flaws have been fixed, things should on the whole be OK. If users are worried, they should change the master password and any passwords on non-trustworthy sites.
 

Adoption of poorly secured password managers opens a single point of failure.

by Dan Goodin - July 14 2014
 


 
"The researchers examined LastPass and four other Web-based managers and found critical defects in all of them. The worst of the bugs allowed an attacker to remotely siphon plaintext passcodes out of users' wallets with no outward sign that anything was amiss. LastPass and three of the four other developers have since fixed the flaws, but the findings should serve as a wakeup call. If academic researchers from the University of California at Berkeley can devise these sorts of crippling attacks, so too can crooks who regularly case people's online bank accounts and other digital assets."
 