light bulb

Did You Know?



Reply
Posts: 2,895
Topics: 1,798
Kudos: 1,982
Blog Posts: 0
Registered: ‎06-02-2014

Popular password protection programs p0wnable

By Darren Pauli, 14 Jul 2014

 

Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials.

"Critical" vulnerabilities were discovered and reported in LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword in work described by the University of California Berkeley researchers as a "wake-up call" for developers of web password vaults.

"Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user’s credentials for arbitrary websites," Researchers Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song wrote in the paper The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers (PDF).

"We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords.

 

The Register/ Full Read Here/ http://www.theregister.co.uk/2014/07/14/popular_web_password_vaults_blurting_codes/

Community Leader