Keep your memory dump shut: Unveiling data leaks in password managers
CoRR(2024)
摘要
Password management has long been a persistently challenging task. This led
to the introduction of password management software, which has been around for
at least 25 years in various forms, including desktop and browser-based
applications. This work assesses the ability of two dozen password managers, 12
desktop applications, and 12 browser-plugins, to effectively protect the
confidentiality of secret credentials in six representative scenarios. Our
analysis focuses on the period during which a Password Manager (PM) resides in
the RAM. Despite the sensitive nature of these applications, our results show
that across all scenarios, only three desktop PM applications and two browser
plugins do not store plaintext passwords in the system memory. Oddly enough, at
the time of writing, only two vendors recognized the exploit as a
vulnerability, reserving CVE-2023-23349, while the rest chose to disregard or
underrate the issue.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要