Major Security Flaws Found in Popular Password Managers

Major Security Flaws Found in Popular Password Managers

Independent Security Evaluators found some worrying flaws in popular password managers, but still suggest that you use one.

Password managers, which have been suggested to internet users from all cybersecurity experts, are convenient and ensure the security of your account, but what if they are the source of vulnerability? A new report suggests that these password managers may not be as secure as you might think.

Before you go and delete your password manager and revert all your passwords back to 123456, note that the researchers who found these vulnerabilities in the five most popular password managers, still think that you should use one. 

The Independent Security Evaluators (IES) note that password managers are still a good thing, but found that they contain some worrying flaws on the security front, such as storing the master password for the application in the PC's memory in plaintext form.

ISE evaluated 1Password, Dashlane, KeePass and LastPass on Windows 10 and found that in some cases, the master password could be found in plaintext - no better than storing the password in a document saved to your desktop, at least when it comes to a skilled hacker. 

"Using a proprietary, reverse engineering, too, ISE analysts were able to quickly evaluate the password managers' handling of secrets in its locked state," ISE said in an article about the flaws. "ISE found that standard memory forensics can be used to extract the master password and the secrets it's supposed to guard."

The organization said an urgent remedy is required to facilitate password managers effectively scrubbing out all data that could lead to a potential compromise of a users' accounts. 

While these flaws are present in the password managers you might use today, it is worth noting that a hacker would have to first gain access to your computer to exploit this vulnerability. ISE says that password managers "add value to the security posture of secrets management," and help to avoid many bad password habits like weak passwords and re-using passwords.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

  • The Z-Wave Alliance Focuses on the Residential Market The Z-Wave Alliance Focuses on the Residential Market

    Mitchell Klein serves as the executive director of the Z-Wave Alliance, an industry organization that drives numerous initiatives to expand and accelerate the global adoption of smart home and smart cities applications. In this Podcast, we talk about the 2022 State of the Ecosystem, and the fact that technology has brought about almost unimaginable residential security resources. The Alliance also provides education resources as well as looking at expanding technology.

Digital Edition

  • Security Today Magazine - May June 2022

    May / June 2022

    Featuring:

    • The Ying and Yang of Security
    • Installing Smart Systems
    • Leveraging Surveillance
    • Using Mobile Data
    • RIP Covid-19

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety