CyberSecurityBoard
Sponsor Register Login

Six of the most popular Android password managers are leaking data

Several mobile password managers are leaking user credentials due to a vulnerability discovered in the autofill functionality of Android apps.
Also: The best password managers to save you from login hassle.
The vulnerability comes into play when Android calls a login page via WebView.
When that happens, WebView allows Android apps to display the content of the web page in question.
If the originating app is trusted, everything should be OK If that app isn't trusted, things could go very wrong.
The affected password managers are 1Password, LastPass, Enpass, Keeper, and Keepass2Android.
If the credentials were shared via a JavaScript injection method, both DashLane and Google Smart Lock are also affected by the vulnerability.
Also: 5 quick tips to strengthen your Android phone security today.
Because of the nature of this vulnerability, neither phishing nor malicious in-app code is required.
One thing to keep in mind is that the researchers tested this on less-than-current hardware and software.
The versions of Android used in their testing were Android 0, Android 11, and Android 12.
As these tested devices - as well as the OS and security patches - were out of date, it's hard to know with any certainty whether the vulnerability would affect newer versions of Android.
Also: Why you can still trust password managers, even after that LastPass mess.
Even if you are using a device other than what the group tested with, it doesn't mean this vulnerability should be shrugged off.
Rather, it should serve as a reminder to always keep your Android OS and installed app up-to-date.
The WebView system has always been held under scrutiny and updates for this software should always be updated.
For that, you can open the Google Play Store on your device, search for WebView, tap About this app, and compare the latest version with the version installed on your device.
If they are not the same, you'll want to update.
One of your best means of keeping Android secure is to make sure it is always as up-to-date as possible.
Check daily for OS and app updates and apply all that are available.


This Cyber News was published on www.zdnet.com. Publication date: Mon, 11 Dec 2023 18:13:05 +0000


Cyber News related to Six of the most popular Android password managers are leaking data

Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
3 months ago Techrepublic.com
Understand the pros and cons of enterprise password managers - To counter these threats, corporate IT security teams are turning to business-grade password managers to help centralize and streamline password and credential management. A password manager is a credential vault that gives IT teams a unified digital ...
4 months ago Techtarget.com
6 Best Enterprise Password Managers for 2024 Rated - Password managers are security tools that store, manage, and share authorization credentials safely for individual users and groups. In this article, I evaluate the top password managers and their ability to deliver and support solutions for ...
3 months ago Esecurityplanet.com
AutoSpill attack steals credentials from Android password managers - Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International ...
6 months ago Bleepingcomputer.com
Six of the most popular Android password managers are leaking data - Several mobile password managers are leaking user credentials due to a vulnerability discovered in the autofill functionality of Android apps. Also: The best password managers to save you from login hassle. The vulnerability comes into play when ...
6 months ago Zdnet.com
API Roadmaps and Authentication Experiences - In the dynamic landscape of digital product development, APIs have emerged as indispensable tools that not only connect systems but also play a pivotal role in shaping product roadmaps. In this exploration, we will unravel the multifaceted impact of ...
7 months ago Feeds.dzone.com
The most popular passwords of 2023 are easy to guess and crack - Each year, analysts at various Internet security companies release lists of the most used passwords. ADVERTISEMENT. The passwords that are on these lists may act as a warning for any Internet and electronic device user. Some common passwords have ...
6 months ago Ghacks.net
Navigating API Governance: Best Practices for Product Managers - As the complexity of API ecosystems grows, the need for robust governance becomes paramount. In this article, we will explore in-depth the best practices for product managers in navigating API governance, ensuring secure, scalable, and compliant ...
7 months ago Feeds.dzone.com
Securden Password Vault Review 2024: Security, Pros & Cons - Securden Password Vault is a password management solution geared towards supervising multiple accounts and sensitive login credentials. Yes, Securden Password Vault can be accessed for free. If you're looking for an enterprise-level password solution ...
4 months ago Techrepublic.com
Most common passwords: 70% can be cracked in less than a second - Racking your brains to come up with a strong password can be a pain. NordPass, the password management tool from the team behind NordVPN, partnered with independent researchers to release its study of the 200 most common passwords used in 2023. Of ...
7 months ago Cnbc.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
1 month ago Cyberdefensemagazine.com
Top 6 LastPass Alternatives for 2024 - LastPass is a popular choice for managing passwords and sensitive information for individuals and businesses. While the tool still enjoys global patronage, it's not a bad idea to consider other password managers that can serve as worthy alternatives ...
5 months ago Techrepublic.com
I tried two passwordless password managers, and was seriously impressed by one - Password management apps have been around for decades. There's 1Password, for example, which promises that you'll only need to remember one password instead of dozens or hundreds. Also: Why you can still trust password managers, even after that ...
6 months ago Zdnet.com
KeePass disputes report of flaw that could exfiltrate a database - Recent security incidents around password managers such as Bitwarden and 1Password, and a posting last week by independent security researcher Alex Hernandez that the open-source KeePass password manager had a flaw, have sparked discussion in the ...
1 year ago Packetstormsecurity.com
eSecurity Planet - Dashlane is a password management software that's popular for business and personal uses alike. Like many other password managers, Dashlane makes it easy for users to create new passwords and store existing ones in a secure vault. Internet security ...
5 months ago Esecurityplanet.com
Many popular websites still cling to password creation policies from 1985 - A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. The researchers used an automated account creation method to assess over 20,000 ...
6 months ago Helpnetsecurity.com
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
6 months ago Bleepingcomputer.com
The 20 Most Popular TechRepublic Articles in 2023 - 20 Most Popular TechRepublic Articles in 2023 Here's a list of the 20 most popular articles published by TechRepublic in 2023. Read articles about ChatGPT, Google Bard, Windows 11 and more. This year, developments in generative AI dominated the tech ...
6 months ago Techrepublic.com
AutoSpill attack steals passwords from password manager - Password Managers have become increasingly important to smartphone users as they provide a high level of convenience to users for filling out the information on a web page or application instead of typing out everything. There is no need for users to ...
6 months ago Cybersecuritynews.com
Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
3 months ago Venturebeat.com
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
3 months ago Feeds.dzone.com
Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
6 months ago Helpnetsecurity.com
Data Classification: Your 5 Minute Guide - Data classification has become a vital component of data security governance. With the rise of virtual data networks, organizations must take necessary measures to protect and secure confidential information. Data classification is the process of ...
1 year ago Tripwire.com
Optimizing API Lifecycles - In this article, we will delve into the intricacies of optimizing API lifecycles-an essential aspect for product managers navigating the dynamic landscape of digital integration. From conceptualization to retirement, understanding and implementing ...
6 months ago Feeds.dzone.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)