Ask Us About Our New Password Manager

Home/Security, Tech Talk/Ask Us About Our New Password Manager

Ask Us About Our New Password Manager

We are excited to announce our very own cloud based password manager.  There are so many different ways to store your passwords- excel spreadsheet, sticky note, spiral notebook, from memory, writing it on your hand and maybe tattooed somewhere on your body.  WRONG!

Passwords are critical to your business infrastructure and can be crippling if these passwords are exposed or weak. Eagle Technology Solutions/Sicoir have implemented our own password manager for businesses.  Never forget a password again or rely on staff to give you their passwords if they should happen to leave the company.  Complete control over your passwords throughout your organization!  Call us at 785-628-1330 to find out more or GO HERE to fill out our contact form.

9 Popular Password Manager Apps Found Leaking Your Secrets

Is anything safe? It’s 2017, and the likely answer is NO.

Making sure your passwords are secure is one of the first line of defense – for your computer, email, and information – against hacking attempts, and Password Managers are the one recommended by many security experts to keep all your passwords secure in one place.

Password Managers are software that creates complex passwords, stores them and organizes all your passwords for your computers, websites, applications and networks, as well as remember them on your behalf.

But what if your Password Managers itself are vulnerable?

Well, it’s not just an imagination, as a new report has revealed that some of the most popular password managers are affected by critical vulnerabilities that can expose user credentials.

The report, published on Tuesday by a group of security experts from TeamSIK of the Fraunhofer Institute for Secure Information Technology in Germany, revealed that nine of the most popular Android password managers available on Google Play are vulnerable to one or more security vulnerabilities.

Popular Android Password Manager Apps Affected By One Or More Flaws

The team examined LastPass, Keeper, 1Password, My Passwords, Dashlane Password Manager, Informaticore’s Password Manager, F-Secure KEY, Keepsafe, and Avast Passwords – each of which has between 100,000 and 50 Million installs.

“The overall results were extremely worrying and revealed that password manager applications, despite their claims, do not provide enough protection mechanisms for the stored passwords and credentials,” TeamSIK said.

In each application, the researchers discovered one or more security vulnerabilities – a total of 26 issues – all of which were reported to the application makers and were fixed before the group’s report went public.

Encryption Keys for Master Key Hard-Coded in the App’s Code

According to the team, some password manager applications were vulnerable to data residue attacks and clipboard sniffing. Some of the apps stored the master password in plain text or even exposed encryption keys in the code.

For example, one high severity flaw affected Informaticore’s Password Manager app, which was due to the app storing the master password in an encrypted form with the encryption key hard coded in the app’s code itself. A similar bug was also discovered in LastPass.

In fact, in some cases, the user’s stored passwords could have easily been accessed and exfiltrated by any malicious application installed on the user’s device.Besides these issues, the researchers also found that auto-fill functions in most password manager applications could be abused to steal stored secrets through “hidden phishing” attacks.

And what’s more worrisome? Any attacker could have easily exploited many of the flaws discovered by the researchers without needing root permissions.

List of Vulnerable Password Managers and Flaws Affecting Them

Here’s the list of vulnerabilities disclosed in some of the most popular Android password managers by TeamSIK:

MyPasswords

  • Read Private Data of My Passwords App
  • Master Password Decryption of My Passwords App
  • Free Premium Features Unlock for My Passwords

1Password – Password Manager

  • Subdomain Password Leakage in 1Password Internal Browser
  • HTTPS downgrade to HTTP URL by default in 1Password Internal Browser
  • Titles and URLs Not Encrypted in 1Password Database
  • Read Private Data From App Folder in 1Password Manager
  • Privacy Issue, Information Leaked to Vendor 1Password Manager

LastPass Password Manager

  • Hardcoded Master Key in LastPass Password Manager
  • Privacy, Data leakage in LastPass Browser Search
  • Read Private Data (Stored Master password) from LastPass Password Manager

Informaticore Password Manager

  • Insecure Credential Storage in Microsoft Password Manager

Keeper Password Manager

  • Keeper Password Manager Security Question Bypass
  • Keeper Password Manager Data Injection without Master Password

Dashlane Password Manager

  • Read Private Data From App Folder in Dashlane Password Manager
  • Google Search Information Leakage in Dashlane Password Manager Browser
  • Residue Attack Extracting Master Password From Dashlane Password Manager
  • Subdomain Password Leakage in Internal Dashlane Password Manager Browser

F-Secure KEY Password Manager

  • F-Secure KEY Password Manager Insecure Credential Storage

Hide Pictures Keepsafe Vault

  • Keepsafe Plaintext Password Storage

Avast Passwords

  • App Password Stealing from Avast Password Manager
  • Insecure Default URLs for Popular Sites in Avast Password Manager
  • Broken Secure Communication Implementation in Avast Password Manager

SOURCE:  Hacker News

By | 2017-03-03T15:09:50+00:00 March 3rd, 2017|Security, Tech Talk|Comments Off on Ask Us About Our New Password Manager