Pages

Friday, October 11, 2013

Chrome, IE store website passwords in plaintext and are easily revealed

As from the Verge, today "Chrome stores some sensitive data in plaintext, but Google says it's supposed to" http://www.theverge.com/2013/10/11/4828958/chrome-history-cache-security-flaw

"A flaw in Google's Chrome browser could find it storing personal details that users don't expect to be recorded. The security firm Identity Finder reports that Chrome will sometimes store data that's been entered into secure websites, and that it'll store that data in plaintext so that anyone can read it. The details are kept inside one of Chrome's cache files buried within the file system, but anyone could see it if they had access to a Chrome user's computer and knew where to look. It's unclear exactly when Chrome chooses to store what would seemingly be secure data, but Google tells us that it realizes this can happen and that Chrome generally doesn't protect against attackers who already have access to a user's computer.
That security model has gotten Google into hot water before: over the summer, Chrome was criticized for storing saved passwords in its preferences menu where anyone can easily view them."
Further exploration has revealed; the following results; 

Chrome
Difficulty to obtain passwords: Easy

Internet Explorer
Difficulty to obtain passwords: Easy/Medium/Hard (Depends on version)

Firefox
Difficulty to obtain passwords: Medium/Very Hard


Results fully explained here in the excellent post


No comments:

Post a Comment