Google security researchers say they have discovered a critical vulnerability in the password management program on Windows 10. Security expert Tavis Ormandy revealed that a copy of Windows 10 he downloaded from the Microsoft homepage came with a pre-installed password manager called “Keeper”, which contains a serious vulnerability that allows any malicious website to steal user data.
Discovery of Critical Vulnerability in Password Management Program on Windows 10
When a user sets a computer password on Windows 10, the system includes a password management program intended to protect the data on their computer.
The Windows 10 version that Microsoft ships with a pre-installed password management app has been found to contain a serious vulnerability that allows any website to quickly steal user data.
Keeper is also integrated into some Windows 10 setups as a browser plugin, and it has been found to contain a vulnerability similar to one Ormandy reported nearly 1.5 years ago. User data stored in Keeper can be stolen easily and quickly.
Ormandy shares detailed information about the vulnerability on Twitter:
On the Project Zero website, Ormandy also shares:
“Recently, I created a new virtual Windows 10 machine with a raw image from MSDN and discovered a default-installed password manager called ‘Keeper’. I am not the only one who has noticed this.
“I believe this is a concession with Microsoft. I have heard about Keeper, and if I remember correctly, I previously reported a vulnerability about how this vulnerability injected UI privilege into pages (number 917). I checked, and this new vulnerability works similarly. I think just changing the selector and similar attacks will occur. However, it is a complete security compromise of Keeper, allowing any website to steal user passwords.”
After realizing the issue, Keeper developers released a patch within 24 hours, stating:
“This potential vulnerability requires Keeper users to access a malicious website during the login process of the browser extension, then trick users into entering by using ‘clickjacking’ technique to execute privileged code in the browser extension”.
To protect their devices, users should install antivirus software such as KS, AVAST, or BKAV for 24/7 system protection; all of these are effective antivirus products certified in many countries around the world.
Many programs and applications currently face user opposition when they are deemed unsafe. Keeper is not the only case: after Mozilla reused the controversial add-on Looking Glass, users also worried about security vulnerabilities in such utilities.