In a recent investigation, security experts from secuvera GmbH have identified a serious vulnerability in various security-relevant applications such as OpenVPN, Bitwarden and 1Password. It leads to confidential information such as passwords or login information remaining in plain text in the process memory even after users have logged out, making it easily accessible to potential attackers. This vulnerability is classified as CWE-316: Cleartext Storage of Sensitive Information in Memory.
Mullvad is affected but not ProtonVPN. Studie: Klartextpasswörter in Passwortspeichern - secuvera GmbH - Cybersicherheit. Nachhaltig.
AccountID even after logging out until it is restarted in memory. The AccountID allows full login, there is no password in this service.