Critical vulnerabilities found in popular Password Managers

If you are on the Internet, you are exposed to cyber attacks, and using a password manager should be part of your online life. But what if the password manager you are using is itself vulnerable and leaks your login credentials rather than securing them? The University of York has the answer.


In a study conducted by researchers at the University of York, 5 password managers, selected from a total sample of 19, were analyzed for vulnerabilities. As a result, 4 new exploitable flaws were found; the findings are explained below.


The apps tested were LastPass, Dashlane, Keeper, 1Password and RoboForm; they were chosen for the extensive features they offer coupled with their popularity among users.


1. Phishing


Firstly, the researchers created a malicious app that mimicked a legitimate one and tested it against these password managers. The Android applications of both 1Password and LastPass fell for the trick and leaked user credentials: the malicious app was offered the credentials that the managers had associated with the app it impersonated, since the package name is what decided “which stored credentials to suggest for autofill”.

This was because there was no strong criterion in place to verify the identity of the requesting app; an identical package name alone was considered sufficient.



The flaw demonstrated in a proof of concept by the researchers.
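As an added illustration of the package-name problem (example code, not from the York study or from any of the managers it tested): the vulnerable lookup selects credentials on the requesting app's package name alone, so any APK that declares that name is served. The hardened lookup additionally requires the SHA-256 fingerprint of the certificate that actually signed the APK to appear in the website's Digital Asset Links statement, the Android-standard way for a web domain to vouch for a specific package signed with a specific key. The package names, certificate bytes, vault entry and assetlinks.json below are constructed for the example; on a device the certificate would be read from PackageManager and the statement fetched over HTTPS from https://<domain>/.well-known/assetlinks.json.

```python
"""Binding autofill suggestions to the requesting app's signing key.

Added example; not code from the study or from any tested password manager.
All package names, certificate bytes and the assetlinks statement are
constructed stand-ins.
"""
import hashlib
import json

# Constructed stand-ins for DER-encoded APK signing certificates. On Android
# these would come from PackageManager with GET_SIGNING_CERTIFICATES.
GENUINE_BANK_CERT = b"constructed DER bytes: bank release signing certificate"
ATTACKER_CERT = b"constructed DER bytes: attacker's self-signed certificate"

# Relation a site grants when it lets an app receive its login credentials.
CREDS_RELATION = "delegate_permission/common.get_login_creds"


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 of the DER certificate as colon-separated upper-case hex,
    the form Digital Asset Links uses for sha256_cert_fingerprints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed assetlinks.json, as https://bank.example/.well-known/assetlinks.json
# would publish it: credentials for bank.example may be handed to package
# com.bank.example only when that package is signed with the bank's key.
ASSETLINKS_BY_DOMAIN = {
    "bank.example": json.dumps([{
        "relation": [CREDS_RELATION],
        "target": {
            "namespace": "android_app",
            "package_name": "com.bank.example",
            "sha256_cert_fingerprints": [cert_fingerprint(GENUINE_BANK_CERT)],
        },
    }]),
}

# Vault contents (constructed): credentials stored against the web origin.
VAULT = {"bank.example": ("alice", "correct horse battery staple")}

# Vulnerable design: a package name alone is mapped to a vault entry.
PACKAGE_TO_DOMAIN = {"com.bank.example": "bank.example"}


def suggest_by_package_name(package_name: str) -> dict:
    """Vulnerable: any APK declaring the expected package name is offered
    the credentials; the signing key is never consulted."""
    domain = PACKAGE_TO_DOMAIN.get(package_name)
    return {domain: VAULT[domain]} if domain in VAULT else {}


def app_is_authorised(domain: str, package_name: str, cert_der: bytes) -> bool:
    """Hardened check: the domain's Digital Asset Links statement must grant
    the credential relation to this package name AND to the fingerprint of
    the key that actually signed the requesting APK."""
    statements = json.loads(ASSETLINKS_BY_DOMAIN.get(domain, "[]"))
    fingerprint = cert_fingerprint(cert_der)
    for statement in statements:
        target = statement.get("target", {})
        if CREDS_RELATION not in statement.get("relation", []):
            continue
        if target.get("namespace") != "android_app":
            continue
        if target.get("package_name") != package_name:
            continue
        allowed = {f.upper() for f in target.get("sha256_cert_fingerprints", [])}
        if fingerprint in allowed:
            return True
    return False


def suggest_verified(package_name: str, cert_der: bytes) -> dict:
    """Hardened: only offer credentials for domains that vouch for this
    exact package/key pair."""
    return {domain: creds for domain, creds in VAULT.items()
            if app_is_authorised(domain, package_name, cert_der)}


if __name__ == "__main__":
    # The attacker's APK reuses the bank's package name but carries its own key.
    print(suggest_by_package_name("com.bank.example"))                # leaks
    print(suggest_verified("com.bank.example", GENUINE_BANK_CERT))    # served
    print(suggest_verified("com.bank.example", ATTACKER_CERT))        # empty
```

The point of the hardened path is that the attacker cannot satisfy it without the bank's private signing key: an impostor can copy the package name from the Play Store listing, but the fingerprint the password manager computes comes from the certificate the platform verified at install time, and the bank's own site, not the app, publishes which fingerprint is acceptable.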



2. Brute-forcing


To offer convenience, some of these applications allow users to set a 4-digit PIN as an authentication measure instead of a long password. However, what happens if an attacker tries to brute-force their way in by repeatedly attempting differ ..
