Edge stores passwords in plaintext memory at startup; a tool has been released to test against the flaw.
This requires reading application memory
Edge may reportedly leak all your passwords easily and Microsoft says it's "by design"
Submitted 1 week ago by BrikoX@lemmy.zip to technology@lemmy.zip
Comments
possiblylinux127@lemmy.zip 1 week ago
kogasa@programming.dev 1 week ago
Seems like a pretty basic security precaution to avoid loading decrypted secrets into memory before they’re needed. Someone who can access application memory can already own you but there isn’t really a good reason why they should be able to access secrets that you never accessed while they were in.
possiblylinux127@lemmy.zip 6 days ago
At some point they will need to be decrypted anyway
I think this was done for performance and simplicity
favoredponcho@lemmy.zip 1 week ago
Didn’t Bitwarden store your passwords in application memory too?
experimentmapass@social.trom.tf 1 week ago
rando@sh.itjust.works 1 week ago
Use a real password manager people
craneum_@lemmy.zip 1 week ago
*operating system