Serious flaw in critical applications: Plaintext passwords in process memory
Security experts found a vulnerability in applications like OpenVPN, Bitwarden, and 1Password, allowing plaintext passwords to remain in memory post-logout, posing risks of exploitation by malware.
Security experts from secuvera GmbH have discovered a significant vulnerability in several critical applications, including OpenVPN, Bitwarden, and 1Password. This flaw allows sensitive information, such as passwords, to remain in plaintext within the process memory even after users log out, making it accessible to potential attackers. The issue is categorized as CWE-316: Cleartext Storage of Sensitive Information in Memory. Malware can exploit this vulnerability by reading the memory of other processes, which poses a serious risk to user data. The investigation revealed that many tested applications failed to securely delete or overwrite sensitive data from memory after use. While some developers, like CyberGhost VPN, have acknowledged the issue and released updates, others have not responded or have prohibited the disclosure of their names. Experts recommend that developers implement measures to minimize the time sensitive data remains in memory and ensure it is deleted or securely overwritten when no longer needed.
- A serious vulnerability allows plaintext passwords to remain in memory after logout.
- Applications affected include OpenVPN, Bitwarden, and 1Password.
- Malware can exploit this flaw to access sensitive information.
- Some developers have responded with updates, while others have not.
- Experts suggest minimizing the time sensitive data is stored in memory.
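The recommendation above (keep the secret alive for as short a time as possible, then overwrite it) has a well-known pitfall: a plain `memset()` immediately before a buffer goes out of scope is a dead store, and optimizing compilers routinely delete it, which is one way plaintext ends up lingering in process memory. The following C program is an added example written for this summary; it is not code from secuvera's report or from any of the named applications. `secure_zero`, `login_then_wipe` and `use_secret` are hypothetical names, and `use_secret` is a stand-in for whatever the real application does with the credential.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wipe that the optimizer cannot elide: each byte is written through a
 * volatile pointer, so the stores count as observable side effects and are
 * not removed as dead stores the way a trailing memset() often is.
 * (Portable alternative to explicit_bzero()/memset_s() where those are absent.) */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Returns 1 if every byte of buf is zero, else 0. Used to verify a wipe. */
int is_all_zero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

#define PW_MAX 64

/* Hypothetical consumer of the secret: a real application would derive a key
 * or send the password over TLS here. A simple FNV-1a hash keeps the example
 * self-contained and makes sure the secret is actually read. */
static unsigned int use_secret(const unsigned char *pw, size_t len)
{
    unsigned int h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= pw[i];
        h *= 16777619u;
    }
    return h;
}

/* Copies the password into a fixed buffer, uses it, then wipes it before the
 * stack frame is released. Returns 1 if the buffer was verifiably wiped,
 * 0 if the input was too long (nothing is copied in that case).
 * The caller still owns its own copy and must wipe that too. */
int login_then_wipe(const char *password_in, unsigned int *out_hash)
{
    unsigned char pw[PW_MAX];
    size_t len = strlen(password_in);
    if (len > PW_MAX) {
        return 0;
    }
    memcpy(pw, password_in, len);

    *out_hash = use_secret(pw, len);   /* the only point where the secret is needed */

    secure_zero(pw, sizeof pw);        /* wipe the whole buffer, not just len bytes */
    return is_all_zero(pw, sizeof pw);
}

/* Exercises both paths and the wipe itself; returns 1 when everything behaves. */
int self_check(void)
{
    unsigned char scratch[32];
    unsigned int h = 0;
    char too_long[PW_MAX + 2];

    memset(scratch, 0xAA, sizeof scratch);
    secure_zero(scratch, sizeof scratch);
    if (!is_all_zero(scratch, sizeof scratch)) return 0;

    /* Constructed sample input; not a real credential. */
    if (login_then_wipe("correct horse battery staple", &h) != 1) return 0;

    memset(too_long, 'a', PW_MAX + 1);
    too_long[PW_MAX + 1] = '\0';
    if (login_then_wipe(too_long, &h) != 0) return 0;

    return 1;
}

int main(void)
{
    char password[] = "correct horse battery staple";   /* constructed sample */
    unsigned int h = 0;
    int wiped = login_then_wipe(password, &h);
    secure_zero(password, sizeof password);             /* caller's copy too */
    printf("wiped=%d caller_copy_zero=%d self_check=%d\n", wiped,
           is_all_zero((const unsigned char *)password, sizeof password),
           self_check());
    return 0;
}
```

The wipe only covers copies the application itself controls. Pages swapped to disk, core dumps, copies retained by GUI toolkits, clipboard managers or crypto libraries, and the original input buffer in the caller are all outside its reach, so it belongs alongside the other measure the report asks for: not holding the credential at all once the login step has consumed it.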
Related
Signal under fire for storing encryption keys in plaintext
Signal's desktop app stores encryption keys in plaintext, risking data theft. Users' security responsibility increases post-data arrival. Despite criticism, Signal hasn't fixed the issue. Caution advised for desktop app usage.
Signal under fire for storing encryption keys in plaintext
Signal's desktop app faces scrutiny for storing encryption keys in plaintext, risking data theft. Despite past criticisms, no changes have been made. Users express concerns over security implications, echoing issues in WhatsApp and iMessage.
'RockYou2024': Nearly 10B passwords leaked online
Nearly 10 billion plaintext passwords leaked in RockYou2024 pose a risk for individuals. Mitigate by avoiding password reuse, using complex passwords, and enabling multi-factor authentication. Malwarebytes offers a free Digital Footprint scan tool for protection.
Secure Boot useless on PCs from major vendors after key leak
A study by Binarily found that hundreds of PCs from major manufacturers are vulnerable due to a leaked 12-year-old test platform key, allowing attackers to bypass Secure Boot protections.
Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP to deliver malware to Windows and Mac users via software updates, affecting multiple applications. Users are advised to avoid insecure updates and use secure DNS protocols.
This reminds me of being on the wrong side of an airtight hatch.