1 min read

29 vulnerabilities found in top-rated password managers for Android

Luana PASCU

March 03, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
29 vulnerabilities found in top-rated password managers for Android

Researchers from the Fraunhofer Institute in Germany analyzed nine password managers for Android and found 29 “implementation flaws resulting in serious security vulnerabilities” that could allow data leaks in browser research, privacy issues and password leaks.

The apps include LastPass, 1Password, My Passwords, Dashlane Password Manager, Informaticore’s Password Manager, F-Secure KEY, Keepsafe, Keeper and Avast Passwords. Some have been installed by more than 50 million users.

LastPass and Dashlane were rated two of “the best password managers of 2017” by PCMag; but probably not from a security point of view, as three vulnerabilities were detected in LastPass, four in Dashlane and five in 1Password.

“The overall results were extremely worrying and revealed that password manager applications, despite their claims, do not provide enough protection mechanisms for the stored passwords and credentials. Instead, they abuse the users` confidence and expose them to high risks,” the researchers said. “Some applications stored the entered master password in plaintext or implemented hard-coded crypto keys in the program code.”

Another major concern is that password managers also often offer to store PIN codes and credit card numbers.

“We found that, for example, auto-fill functions for applications could be abused to steal the stored secrets from the password manager application using “hidden phishing” attacks,” the researchers explained. “For a better support of auto-filling password forms in web pages, some of the applications provide their own web browsers. These browsers are an additional source of vulnerabilities, such as privacy leakage.”

As of March 1, all vulnerabilities have been fixed.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Unknown Person Zoom-Bombs Meeting in Italian Parliament and Blasts Anime Adult Content Unknown Person Zoom-Bombs Meeting in Italian Parliament and Blasts Anime Adult Content
Silviu STAHIE

January 21, 2022

1 min read
FBI Links Diavol Ransomware to Trickbot, Offers IOCs and Mitigations FBI Links Diavol Ransomware to Trickbot, Offers IOCs and Mitigations
Filip TRUȚĂ

January 21, 2022

2 min read
Data of 500,000 already vulnerable people stolen from Red Cross Data of 500,000 already vulnerable people stolen from Red Cross
Radu CRAHMALIUC

January 20, 2022

1 min read