Serious flaw in critical applications: Plaintext passwords in process memory

https://www.heise.de/en/news/Serious-flaw-in-critical-applications-Plaintext-passwords-in-process-memory-9830799.html

In a recent investigation, security experts from secuvera GmbH have identified a serious vulnerability in various security-relevant applications such as OpenVPN, Bitwarden and 1Password. It leads to confidential information such as passwords or login information remaining in plain text in the process memory even after users have logged out, making it easily accessible to potential attackers. This vulnerability is classified as CWE-316: Cleartext Storage of Sensitive Information in Memory.

Mullvad is affected but not ProtonVPN. Study: Plaintext passwords in password stores - secuvera GmbH - Cybersecurity. Sustainable.

AccountID even after logging out until it is restarted in memory. The AccountID allows full login, there is no password in this service.

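The CWE-316 pattern described in the quoted article, as an added example that is not part of this thread or of any product named in it: a logout that only resets state leaves the secret in the buffer, while a wipe through a volatile pointer removes it, and a scan of the region confirms the difference. The `session` struct, the function names and the sample password are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SECRET_MAX 64

/* Hypothetical session object: the secret lives inline so the whole
 * struct can be scanned the way a memory dump would be. */
struct session {
    int    logged_in;
    size_t secret_len;
    char   secret[SECRET_MAX];
};

/* Store the secret on login; returns 0 on success, -1 if it does not fit. */
int session_login(struct session *s, const char *pw) {
    size_t n = strlen(pw);
    if (n == 0 || n >= SECRET_MAX) return -1;
    memcpy(s->secret, pw, n + 1);
    s->secret_len = n;
    s->logged_in = 1;
    return 0;
}

/* CWE-316 pattern: state says "logged out", the bytes are still there. */
void session_logout_naive(struct session *s) {
    s->logged_in = 0;
    s->secret_len = 0;
}

/* Wipe through a volatile pointer so the compiler cannot discard the
 * stores as dead writes, then reset the state. */
void session_logout_wipe(struct session *s) {
    volatile unsigned char *p = (volatile unsigned char *)s->secret;
    for (size_t i = 0; i < SECRET_MAX; i++) p[i] = 0;
    s->logged_in = 0;
    s->secret_len = 0;
}

/* Defender's check: does `needle` still occur anywhere in the region? */
int region_contains(const void *region, size_t len, const char *needle) {
    const unsigned char *m = region;
    size_t n = strlen(needle);
    if (n == 0 || n > len) return 0;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(m + i, needle, n) == 0) return 1;
    return 0;
}
```

The wipe only covers this one buffer; copies made elsewhere (UI text fields, heap reallocations, swap) need the same treatment.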

What about KeePass DX/XC?

In how many scenarios is malware able to spy on the process of the VPN or password manager and yet not have already fully compromised the system?

The study only looked at KeePass 1.42 (not affected), and did not test DX or XC.

For KeePassXC: Most Password Managers leak in plaintext

@IksNorTen


This extends “fully compromised the system” to “fully compromised all of the user’s digital accounts”. Without access to the password manager, malware with administrator (needed on Windows to scan memory) would get a lot–keylogging, session hijacking, etc.–but not everything.