Huge security flaw in Windows 10 that could have allowed hackers to STEAL the passwords of thousands of users is found by a Google analyst

Monday, December 18, 2017
By Paul Martin

For eight days this month Windows 10 shipped with a flawed password manager
The ‘Keeper’ app contained a bug that allowed hackers to access stored logins
The bug meant criminals could take passwords of 1,000s of Windows 10 users

18 December 2017

A huge security flaw in Windows 10 that could have allowed hackers to steal the passwords of thousands of users worldwide has been found.

For around eight days this month, some versions of the operating system shipped with a password manager with a massive security flaw, an analyst has revealed.

The bug meant cybercriminals could easily take the passwords stored in the third-party app and use them to break into people’s online accounts.

Google researcher Tavis Ormandy said that when he tested the app, the browser plugin it asked him to enable contained a serious security bug.

The bug represented ‘a complete compromise of Keeper security, allowing any website to steal any password’, the software analyst wrote in a blog post.

The bug meant that hackers could trick the browser extension into letting them see the database of passwords stored by a user.

Mr Ormandy, who is based in California, added that he uncovered a similar flaw in the password manager’s browser plugin non-bundled version 16 months ago.

A Keeper spokesperson has since claimed the bug was different to the one Mr Ormandy found last year.

They said the flaw only affected version 11 of the Keeper app, which was released on December 6, and that the problem was fixed eight days later.

Users were only exposed when they followed Keeper app prompts to install the browser plugin, the spokesperson said.

The Rest…HERE

Leave a Reply

Join the revolution in 2018. Revolution Radio is 100% volunteer ran. Any contributions are greatly appreciated. God bless!

Follow us on Twitter