• Home
  • About
  • Contact us
Tech News, Magazine & Review WordPress Theme 2017
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
Technovanguard — Be at the forefront of technology news
No Result
View All Result

Your browser stores passwords and sensitive data in clear text in memory

Justin Rowell by Justin Rowell
29.09.2022
Home Software

Your web browser may store sensitive data, including usernames, passwords and session cookies in clear text in memory according to CyberArk security researcher Zeev Ben Porat.

chrome cleartext passwords cookie data

Most Chromium-based web browsers appear to be affected, including Google Chrome. Microsoft Edge was tested for the weakness and it was affected by it, too. A quick test on a local Windows 11 system confirmed that browsers such as Brave and Mozilla’s Firefox web browser are affected by the issue as well.

Physical access to the target machine is not required, as remote access or access to software that is running on the target machine is sufficient to extract the data. Extracting can be done from any non-elevated process that runs on the same machine.

While it is necessary for the user to enter credential data such as usernames and passwords before they can be extracted, Zeev Ben Porat notes that it is possible to “load into memory all the passwords that are stored in the password manager”.

Two-factor authentication security may not be sufficient to protect user accounts either, if session cookie data is also present in memory; extraction of the data may lead to session hijacking attacks using the data.

The security researcher describes several different types of clear-text credential data that can be extracted from the browser’s memory.

  • Username + password used when signing into a targeted web application
  • URL + Username + Password automatically loaded into memory during browser’s startup
  • All URL + username + password records stored in Login Data
  • All cookies belonging to a specific web application (including session cookies)Testing your browsers

The issue was reported to Google and it received the “wont fix” status quickly. The reason given is that Chromium won’t fix any issues that are related to physical local access attacks.

Zeev Ben Porat published a follow-up article on the CyberArk blog, which describes mitigation options and different types of attacks to exploit the issue.

How to test your browsers

Windows users may use the free tool Process Hacker to test their browsers. Just download the portable version of the program, extract its archive and run the Process Hacker executable to get started.

Enter a username, password or other sensitive data in the browser that you want to test.

  1. Double-click on the main browser process in the process listing to display details.
  2. Switch to the Memory tab.
  3. Activate the Strings button on the page.
  4. Select OK on the page.
  5. Activate the Filter button in the window that opens, and select “contains” from the context menu.
  6. Type the password or other sensitive information in the “Enter the filter pattern” field and select ok.
  7. Process Hacker returns the data if it is found in process memory.

Now You: is your browser affected by this? What is your take on the issue?  (via Born)

Thank you for being a Ghacks reader. The post Your browser stores passwords and sensitive data in clear text in memory appeared first on gHacks Technology News.


Next Post
KrebsOnSecurity in New Netflix Series on Cybercrime

KrebsOnSecurity in New Netflix Series on Cybercrime

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

Eight Irish researchers bag starter grants from European Research Council

Eight Irish researchers bag starter grants from European Research Council

29.09.2022
Best drones for 2021

Best drones for 2021

29.09.2022

Trending.

Government urged by Irish wind industry to boost offshore opportunities

Government urged by Irish wind industry to boost offshore opportunities

29.09.2022

The most important humanitarian problems to be solved

29.09.2022
Deforestation and storms in West Africa

Deforestation and storms in West Africa

29.09.2022

4 tips to identify the reliable payment gateway for your needs

16.06.2023
Software Development Company Geniusee Expands Its Sales Presence in California

Software Development Company Geniusee Expands Its Sales Presence in California

18.09.2023
Technovanguard — Be at the forefront of technology news

Technovanguard - The latest news from the world of IT and modern technologies.

Categories

  • Computing
  • Entertainment
  • Gaming
  • Internet
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
  • Без рубрики

Tags

best bitcoin casino best bitcoin gambling site best crypto casino bitcoin gambling site btc casino FEATUREDNEWS linkedin connection message linkedin connection request template linkedin connect message examples linkedin networking message template linkedin sales message top bitcoin casinos

Recent News

Tech Unleashed: A Recap of the Week’s Most Captivating Stories

Tech Unleashed: A Recap of the Week’s Most Captivating Stories

04.10.2023
Software Development Company Geniusee Expands Its Sales Presence in California

Software Development Company Geniusee Expands Its Sales Presence in California

18.09.2023
  • Home
  • About
  • Contact us

© 2021 technovanguard.com. Submit news release

No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space

© 2021 technovanguard.com. Submit news release