Keeper password manager: Well-known Google security researcher Tavis Ormandy has discovered a new vulnerability that affects users of Microsoft Windows.
This time around, the bug is in the Keeper password manager application that comes preinstalled in some versions of Windows 10. Ormandy states that he discovered a similar vulnerability in August of 2016.
Although this bug is not a security flaw in Windows or another Microsoft product, it may expose sensitive details of Windows users, as attackers could steal the passwords stored in the Keeper password manager.
The researcher posted a demo of the vulnerability, explaining that it “allows any website to steal from anyone code access”.
Microsoft, for its part, said it was aware of the issue and was preparing to update the application.
“We are aware of the report for this third-party app and its developer will release updates for the protection of our customers,” said a company spokesperson.
The Keeper password manager company detected the defect and immediately released an update to version 11.4.4. The app's browser extension for Edge, Chrome, and Firefox is updated automatically.
The Keeper developer reports that the flaw can only be exploited if someone can lead the user to a specially crafted page that takes advantage of it.
“This potential vulnerability requires a Keeper user to open a malicious website while logged into the browser extension. It then falsifies the user's details using a technique called “clickjacking” to be able to run code with user privileges in the browser extension.”
Although the flaw does not exist in the Windows operating system itself, it once again raises questions about Microsoft's strategy of promoting third-party software. It is currently not known which computers Keeper is preinstalled on, or under what agreement.
The good thing is that everyone can disable the app.