
Critical bug in Keeper, the Windows 10 password manager


Anonim

Keeper is the password manager that comes free with every new copy of Windows 10. Unfortunately, Google Project Zero researcher Tavis Ormandy identified a critical flaw in the new version of Keeper, and it went uncorrected for almost eight days.

Keeper is Windows 10's free password manager

"I have created a new Windows 10 VM with a pristine image from MSDN and have noticed that a third-party password manager is installed by default. It didn't take long to find a critical vulnerability," Ormandy said.

The Keeper bug was found in a fresh copy of Windows 10 downloaded from the Microsoft Developer Network, while the non-bundled version of this app had already been exposed to this bug for over a year.

Because of this flaw, the application was injecting its trusted user interface into untrusted web pages through a content script, and as a result websites were able to steal user credentials using clickjacking and other similar techniques.
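The exposure described above, trusted password-manager UI ending up inside untrusted pages through a content script, can be reviewed statically from an extension's manifest. The following is an added example, not code from the article or from Keeper: it assumes the UI ships as an HTML page listed in a WebExtension manifest's `web_accessible_resources`, and the sample manifest and file names are constructed.

```javascript
// Added example: static review of a WebExtension manifest for UI that
// untrusted pages can frame. The manifest below is constructed, not Keeper's.
const BROAD = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);
const isBroad = (patterns = []) => patterns.some((p) => BROAD.has(p));
const isUiPage = (path) => /\.html?$/i.test(path);

// Normalise web_accessible_resources: Manifest V2 uses a list of strings
// (reachable from every site), Manifest V3 a list of {resources, matches}.
function exposedResources(manifest) {
  return (manifest.web_accessible_resources || []).flatMap((entry) =>
    typeof entry === 'string'
      ? [{ path: entry, anySite: true }]
      : (entry.resources || []).map((path) => ({
          path,
          anySite: isBroad(entry.matches),
        }))
  );
}

function auditManifest(manifest) {
  const findings = [];
  // Content scripts that run on arbitrary sites share a DOM with untrusted pages.
  const broadScripts = (manifest.content_scripts || []).filter((cs) => isBroad(cs.matches));
  for (const cs of broadScripts) {
    findings.push({ severity: 'info', issue: 'content-script-on-all-sites', detail: (cs.js || []).join(', ') });
  }
  // HTML pages that any site may load can be framed and overlaid (clickjacking).
  const framable = exposedResources(manifest).filter((r) => r.anySite && isUiPage(r.path));
  for (const r of framable) {
    findings.push({
      severity: broadScripts.length ? 'high' : 'medium',
      issue: 'ui-page-framable-by-any-site',
      detail: r.path,
    });
  }
  return findings;
}

// Constructed sample manifest (hypothetical file names).
const sampleManifest = {
  manifest_version: 2,
  content_scripts: [{ matches: ['<all_urls>'], js: ['inject.js'] }],
  web_accessible_resources: ['popup/vault.html', 'img/icon.png'],
};
console.log(auditManifest(sampleManifest));
```

A manifest that restricts both `content_scripts` matches and the `matches` of each exposed resource to the extension's own origins produces no findings.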

To demonstrate his findings, Ormandy also released a proof-of-concept exploit, which showed that a Twitter password saved in the Keeper app was easy to steal. The developers of this password manager fixed the problem within 24 hours of Ormandy sharing his findings. They have also released an automatic update to version 11.3 of the app.

Keeper's developers claim that none of the app's extensions have been affected, although the bug did remain in place for eight days.

Source: Hackread
