Tavis Ormandy, a security researcher at Google has unearthed a bug in Windows 10 Password Manager
Ormandy says there is a vulnerability in the Password Manage that enables would-be attackers to steal your passwords. The vulnerability is with the third-party app Keeper, which comes preinstalled in Windows 10 devices. The security expert says the vulnerability in Keeper is similar to the one he discovered back in 2016.
He then went to demonstrate the attack and shared the nitty gritties under the Project Zero. It will stay there for 90 days. After which Travis is free to share the details with anyone or even public. Before you start freaking out, as soon as the news of vulnerability in the app surfaced, Keeper has already released a patch to fix the problem. If you use the app to manage your passwords, it is highly advised you update the app. Keeper posted the following in their blog:
“All customers running Keeper’s browser extension on Edge, Chrome, and Firefox have already received Version 11.4.4 through their respective web browser extension update process. Customers using the Safari extension can manually update to version 11.4.4 by visiting Keeper’s download page. No reports of any customers affected by this bug have been reported to Keeper. Mobile Apps and Desktop Apps were not affected and do not require updates.”
Hopefully the released patch will be foolproof and your passwords will be safe. You can download the Keeper extension for Edge browser from the Windows Store.