Security Diaries All About Security
Related Articles
If you have windows 10 anniversary update installed on your PC i.e version 1607 then there might be possibility that your computer has pre-installed password manager and hackers can steal all your credentials remotely.
In anniversary update Microsoft added a new feature called Content Delivery Manager which installs suggested apps in stealth mode without any permission from user.
Tavis Ormandy, Google Project Zero researcher said he found pre-installed password manager called Keeper on his windows 10 system which is freshly pressed. He is not alone there us another one who complained about this six months ago in reddit.
What’s the bug?
He started testing out Keeper and found a bug that can let any website to steal any password.
Ormandy tweeted
I don’t want to hear about how even a password manager with a trivial remote root that shares all your passwords with every website is better than nothing. People really tell me this. 🙄
— Tavis Ormandy (@taviso) December 15, 2017
This is the similar vulnerability that was found by Ormandy in 2016, which enables malicious websites to steal passwords. But this vulnerability is discovered in non-bundled version
Ormandy said “I checked and, they’re doing the same thing again with this version. I think I’m being generous considering this a new issue that qualifies for a ninety day disclosure, as I literally just changed the selectors and the same attack works”
Ormandy also provided Proof-of-concept exploit that steals twitter password if its stored in keeper manager.
Update
After Ormandy reported it to Keeper team they acknowledged and released update 11.4 in which ‘add to existing’ functionality was removed.
Keeper also added there aren’t any attacks noticed.
Ormandy added users aren’t vulnerable unless they open keeper password manger and store their passwords in them.
Microsoft yet didn’t explain about how keeper is getting installed in their OS.
You can disable Content Delivery Manager here.
