Conference papers

Revisiting Security Vulnerabilities in Commercial Password Managers

Abstract : In this work we analyse five popular commercial password managers for security vulnerabilities. Our analysis is twofold. First, we compile a list of previously disclosed vulnerabilities through a comprehensive review of the academic and non-academic sources and test each password manager against all the previously disclosed vulnerabilities. We find a mixed picture of fixed and persisting vulnerabilities. Then we carry out systematic functionality tests on the considered password managers and find four new vulnerabilities. Notably, one of the new vulnerabilities we identified allows a malicious app to impersonate a legitimate app to two out of five widely-used password managers we tested and as a result steal the user’s password for the targeted service. We implement a proof-of-concept attack to show the feasibility of this vulnerability in a real-life scenario. Finally, we report and reflect on our experience of responsible disclosure of the newly discovered vulnerabilities to the corresponding password manager vendors.
Document type : Conference papers

https://hal.inria.fr/hal-03440843
Contributor : Hal Ifip
Submitted on : Monday, November 22, 2021 - 3:33:47 PM
Last modification on : Monday, November 22, 2021 - 4:37:40 PM
Long-term archiving on : Wednesday, February 23, 2022 - 7:59:33 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2023-01-01


Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Michael Carr, Siamak F. Shahandashti. Revisiting Security Vulnerabilities in Commercial Password Managers. 35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp.265-279, ⟨10.1007/978-3-030-58201-2_18⟩. ⟨hal-03440843⟩
