The risk of losing all passwords is due to the built-in password management tool on Windows 10
Since Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager, silently installing recommended apps without user permission.
Posted on Chromium Blog, researcher Tavis Ormandy from the Google Project Zero project said that on Windows 10 machines downloaded directly from his Microsoft Developer Network installed a password management tool called Keeper.
Tavis is also not the only one, there are some users on Reddit saying that this Keeper Password Manager password management application has been silently installed on their computers 6 months ago.
Serious vulnerability on password management software
Knowing that 3rd party password management software is installed by default on Windows 10, Ormandy has tested it and discovered a serious vulnerability, 'allowing to steal any password'.
An attacker can use Keeper to steal all the passwords stored here
To explain, he also launched PoC https://lock.cmpxchg8b.com/keepertest.html stealing Twitter password when keeping this password on the Keeper application.
Install update Keeper Password Manager
Ormandy reported a vulnerability to Keeper and the company released patch 11.4 to fix the problem.https://blog.keepersecurity.com/2017/12/15/update-for-keeper-browser-extension-v11-4/ Keeper also said they have not seen any actual attacks. "This flaw will trick users into poisoning websites, sign in with clickjacking and execute code inside the browser," said Craig Lurey, co-founder and Keeper Secutiry's CTO.
Although Windows 10 users will not be exposed to any risk without opening this software, Microsoft still needs to explain why it is installed on the machine without the user's permission.
If you want, you can tweak the registry https://github.com/WinPEGuy/OSConfig/blob/master/OSConfig%20Samples/Settings/Windows%2010/(w10)%20Content%20Delivery%20Manager%20-%20PreInstalledAppsEnabled% 20-% 20No.reg to disable the Content Delivery Manager, preventing Microsoft from installing unwanted applications on the PC.
See more:
- How to view the password, delete the saved password on Chrome
- Bitwarden password manager - Microsoft Edge's latest extension
- 25% of the 1.9 billion passwords and usernames bought on the black market are Google accounts
You should read it
- Can the security of a password manager be trusted?
- Use an 8-character Windows NTLM password? Congratulations, your password may be unlocked after only 2.5 hours
- How to Change Your Password in Windows 8
- 3 ways to 'force' users to change passwords periodically on Windows 10
- How to disable Windows Hello sign-in to log in with a password on Windows 10
- PassBox: Manager and create a free password for Windows 10/8/7
- Experience Keepass, impressive password manager
- Set BIOS and UEFI password to protect data on your Windows 10 computer safely
May be interested
- These Android Apps Could Put Your Passwords at Risk If You're Not Carefulusing a password manager on your android phone is essential for creating and maintaining strong, unique passwords for every app and website you use. however, if you're not careful, it can also become a security risk.
- What happens to passwords when you delete a password manager app?password managers are useful for securely storing passwords, but what happens when you delete the app or your account? are your passwords still out there somewhere in cyberspace or are they permanently deleted?
- Instructions for using Chrome's built-in password generatorgoogle chrome provides a password saving feature for all online accounts. chrome also has an integrated password generator, which automatically creates strong passwords with the click of a button.
- How to use SafeInCloud Password Manager to manage passwordssafeincloud password manager is a password-protected and password-protected personal information and password storage tool.
- Managing passwords with LastPass 1.50in this article, i will show you a password management tool lastpass 1.50, which is a tool that provides all the features available to any competitor.
- How to set an app password on Windows 10for those who use the same computer, setting a password for the application is essential because they help improve security for the device. windows 10 operating system today has a lot of applications that support super secure password.
- 3 ways to display passwords *** on the browser is extremely simpleusually the password you save on the browser is usually hidden under a *** or a dot so that strangers can't steal your password. however, suppose if you entered a wrong password, for example, and you want to display the password to see where the error is.
- NoCrack makes passwords safer with 'trap' fake vaultusing management tools is the best way to generate random passwords and is highly secure for logging in to many different websites. however, the problem is that password management tools still need a master password to decrypt, access the data of the vault or safe zone containing all your passwords.
- Password management problems in IE and Firefoxthe two parts of this article will present you an analysis of security techniques, risks, attacks and prevention of two widely used browser password management systems, the internet. explore and f
- How to use Safe Password Manager to manage passwords on Windows 10safe password manager is an application that stores and manages accounts passwords on windows 10 and can be viewed in many different devices.