For the last 9 years, Firefox has not protected user passwords carefully
A cyber security researcher has found that for the past 9 years Firefox has stored user passwords using an outdated scheme that can be cracked with GPUs in less than 1 minute.
Both Firefox and Thunderbird allow users to set up a Master Password for greater security, but for the past 9 years it has been protected using SHA1 hashing (which is easy to crack).
This problem was discovered by Wladimir Palant, the author of the AdBlock Plus extension. It is worth mentioning that Wladimir raised this issue 9 years ago, but Mozilla did not fix it.
Passwords stored in Firefox turned out to be not safe at all
Palant said: 'I looked at the source code and finally found the sftkdb_passwordToKey() function, which switches from the password (website) to the encoded character string (key) using the SHA1 code with 1 string of your password and 1 random string. Anyone who has ever designed a login function for a website will see the problem here.'
Palant reiterated the problem and Mozilla said it would fix it when it released a new password management tool, Lockbox. In the meantime, Firefox users who want to secure their data should use a longer and more complex password.
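To show why a single SHA-1 pass is a weak way to turn a master password into a key, the following added example (not code from Firefox or from Palant) times that construction against an iterated key derivation function on the same inputs. The concatenation order, the choice of PBKDF2-HMAC-SHA256, the iteration count and the sample password are assumptions made for illustration.

```python
import hashlib
import os
import time

HARDENED_ITERATIONS = 100_000  # assumed work factor, not a value from the article


def weak_key(salt: bytes, password: str) -> bytes:
    """Single SHA-1 pass over salt + password (concatenation order assumed)."""
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def hardened_key(salt: bytes, password: str) -> bytes:
    """PBKDF2-HMAC-SHA256: same inputs, but each guess costs many hash calls."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, HARDENED_ITERATIONS, dklen=32
    )


def seconds_per_key(kdf, rounds: int) -> float:
    """Average wall-clock time for one key derivation on this machine."""
    salt = os.urandom(16)        # constructed sample salt
    password = "correct horse"   # constructed sample password
    start = time.perf_counter()
    for _ in range(rounds):
        kdf(salt, password)
    return (time.perf_counter() - start) / rounds


def slowdown_factor() -> float:
    """How many times more expensive one guess is under the iterated KDF."""
    weak = seconds_per_key(weak_key, rounds=20_000)
    hard = seconds_per_key(hardened_key, rounds=3)
    return hard / weak


if __name__ == "__main__":
    weak_us = seconds_per_key(weak_key, 20_000) * 1e6
    hard_ms = seconds_per_key(hardened_key, 3) * 1e3
    print(f"SHA-1, one pass: {weak_us:.2f} us per guess")
    print(f"PBKDF2, {HARDENED_ITERATIONS} iterations: {hard_ms:.1f} ms per guess")
    print(f"cost increase per guess: about {slowdown_factor():,.0f}x")
```

The salt stops precomputed tables from being reused, but it does nothing to slow down each individual guess; only the iteration count (or a memory-hard KDF) raises the per-guess cost.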