For about eight days, some versions of Windows 10 quietly bundled a password manager that contained a critical vulnerability in its browser plug-in, a researcher said Friday. The flaw was almost identical to one the same researcher disclosed in the same manager plugin 16 months ago that allowed websites to steal passwords.

Google Project Zero researcher Tavis Ormandy said in a blog post that the Keeper Password Manager came pre-installed on a newly built Windows 10 system derived directly from the Microsoft Developer Network. When he tested the unrequested app, he soon found the browser plugin the app prompted him to enable contained a bug that represents "a complete compromise of Keeper security, allowing any website to steal any password." He said he uncovered a flaw 16 months ago in the non-bundled version of the Keeper browser plugin that posed the same threat.

With only basic changes to "selectors," Ormandy's old proof-of-concept exploit worked on the new Keeper plugin. Ormandy's post linked to this publicly available proof-of-concept exploit, which steals an end user's Twitter password if it's stored in the Keeper app and the plugin is enabled.

After this post went live, a Keeper spokesman said the bug was different than the one Ormandy reported 16 months ago. He said it affected only version 11 of the app, which was released on December 6, and then only when a user followed Keeper prompts to install the browser plugin.