An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, that allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. Note that the vendor disputes this for two reasons - the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).
8228457f02b7ab0fd7e392ec8e339789b9e311c048473f4d48761d9c915a58c0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed