Edge may reportedly leak all your passwords easily and Microsoft says it's "by design"
Edge stores passwords in plaintext memory at startup; a tool has been released to test against the flaw.
109
Comments8Edge stores passwords in plaintext memory at startup; a tool has been released to test against the flaw.
Use a real password manager people
*operating system
This requires reading application memory
Seems like a pretty basic security precaution to avoid loading decrypted secrets into memory before they're needed. Someone who can access application memory can already own you but there isn't really a good reason why they should be able to access secrets that you never accessed while they were in.
I wouldn't say it's an alarming flaw, just seems weirdly and unnecessarily unsafe
At some point they will need to be decrypted anyway
I think this was done for performance and simplicity
Yep, and at that point they will be in memory until a reasonable time to clean up. But decrypting the whole password database and leaving it there forever seems needlessly unsafe.
TIL: If you
cat /proc/sys/kernel/yama/ptrace_scopeon your linux distro:Most distros have this set to 1 by default.
More details:
man 2 ptrace, search using/:scopeTwo years and you end it all with that? Oook