Popular password protection programs p0wnable

Webroot's picture
Printer-friendly versionPrinter-friendly versionPDF versionPDF version

 

Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials.

"Critical" vulnerabilities were discovered and reported in LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword in work described by the University of California Berkeley researchers as a "wake-up call" for developers of web password vaults.

"Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user’s credentials for arbitrary websites," Researchers Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song wrote in the paper The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers (PDF).

"We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords.

 

The Register/ Full Read Here/ http://www.theregister.co.uk/2014/07/14/popular_web_password_vaults_blurting_codes/

News Source : Popular password protection programs p0wnable
Copy this html code to your website/blog to embed this press release.