07-14-2014 05:56 AM
By Darren Pauli, 14 Jul 2014
Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials.
"Critical" vulnerabilities were discovered and reported in LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword in work described by the University of California, Berkeley researchers as a "wake-up call" for developers of web password vaults.
"Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user’s credentials for arbitrary websites," researchers Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song wrote in the paper The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers (PDF).
"We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords.
Source: The Register. Full article: http://www.theregister.co.uk/2014/07/14/popular_we