Friday, February 23, 2024

Browsers store passwords in memory in clear text (unencrypted)

Date:

One wonders why one stores passwords and other sensitive data in the browser (no matter which one) in encrypted form if they are decrypted (plain text) in RAM anyway. This does not only apply to the Google Chrome or Chromium browser, but also to Firefox.

Zeev Ben Porat described this in his post, how he discovered that after launching the browser, sensitive data is stored in RAM unencrypted. When he thinks about it, it’s no wonder there are tools that can extract passwords from browsers. But that’s just an assumption. But if someone gets to your computer without being asked, it would be possible to access this sensitive data.

I tried it once with my Vivaldi, Edge and also Firefox and they all showed me the passwords used. And so it goes on:

  • process hackers Download (portable), decompression
  • Start the browser and log in somewhere
  • Start Hacker Process
  • Right click on the browser -> Properties
  • Memory tab and then Strings
  • In the new window, under Filter -> Contains
  • Now enter your password and let it search

I was shown all possible passwords. Zeev Ben Porat also reported this to Google and they quickly responded with “Won’t fix”. 14 weeks later, Chromium made the report public. If you want to read the article in more detail:

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:

Popular

More like this
Related

Maximizing Efficiency: How Our Cloud Services Revolutionized Operations for Small Businesses

Small businesses constantly seek innovative solutions to streamline operations...

Big Data for Musicians: The Game Changer!

In the dynamic realm of the music industry, Viberate...

Gaming Peripherals; The Good and The Bad

When it comes time to upgrade any gaming set-up,...

How is a Short Story Written: Techniques for Crafting Engaging Short Fiction

Are you interested in crafting an engaging short story...