Some commercial password managers may be vulnerable to cyber-attack by fake apps

Discussion in 'other security issues & news' started by mood, Mar 18, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    33,678
    40% of password managers duped by a fake Google app
    Password managers failed this test miserably
    March 1 7, 2020
    https://www.itpro.co.uk/security/cy...-password-managers-duped-by-a-fake-google-app
    University of York: Researchers expose vulnerabilities of password managers
     
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,873
    Location:
    USA
    Unless I am missing something this article doesn't name any names or give any details. I consider it a waste of time to read anything beyond the headline, which only leaves unanswered questions.
     
  3. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    249
    Location:
    Australia
    Thanks for that, saved me having to read it.
    The only reason there should be for not naming names is that they have informed those that are vulnerable and giving them a chance to find a fix.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,062
    Location:
    The Netherlands
    I didn't really understand it. Are they talking about password managers on smartphones?
     
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,873
    Location:
    USA
    I assume password managers in general but again the article was not specific enough to really tell us anything.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,062
    Location:
    The Netherlands
    I found some info on a Dutch site. Apparently it was about Dashlane, LastPass, Keeper, 1Password and RoboForm for both Android and Windows. LastPass and 1Password are vulnerable to fake apps stealing passwords, I assume this is on mobile phones.

    And Dashlane and RoboForm were vulnerable to brute force attacks on the master password. And only 1Password protects against stealing passwords from the clipboard. Of course you would already need to have malware present on the PC.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.