U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pre-Installed Keeper Password Manager on Windows 10 exposes systems to passwords stealing

White hat hacker discovered some Windows 10 versions come with a pre-installed version of Keeper Password Manager that exposes systems to passwords stealing. I was reading Tweets when I noticed the following post: I don't want to hear about how even a password manager with a trivial remote root that shares all your passwords with […]

Keeper password manager flaw

White hat hacker discovered some Windows 10 versions come with a pre-installed version of Keeper Password Manager that exposes systems to passwords stealing.

I was reading Tweets when I noticed the following post:

Some Windows 10 versions come with a pre-installed 3rd-party password manager app that could allow hackers to steal users credentials remotely.

Starting from Windows 10 Anniversary Update (Version 1607), Microsoft included in its OS a new feature called Content Delivery Manager that silently installs new “suggested apps” without notifying it to the users.

The hidden password manage was reported months ago by several Reddit users.

The presence of the password manager called Keeper was confirmed by the popular Google Project Zero hacker Tavis Ormandy who found the application pre-installed on his new Windows 10 system.

“I recently created a fresh Windows 10 VM with a pristine image from MSDN, and found that a password manager called “Keeper” is now installed by default. I’m not the only person who has noticed this: https://www.reddit.com/r/Windows10/comments/6dpj78/keeper_password_manager_comes_preinstalled_now/

I assume this is some bundling deal with Microsoft.” wrote Ormandy in a blog post published on Chromium Blog.

“I’ve heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages ( issue 917 ). I checked and, they’re doing the same thing again with this version. I think I’m being generous considering this a new issue that qualifies for a ninety day disclosure, as I literally just changed the selectors and the same attack works”

Ormandy decided to analyze the Keeper password manager searching for vulnerabilities to exploit to compromise the Windows installation.

After a few tests, Ormandy discovered a critical vulnerability in the Keeper Password Manager that could be exploited by attackers to “complete compromise of Keeper security, allowing any website to steal any password.”

The security vulnerability was quite identical to another issue discovered in August 2016 by Ormandy in the non-bundled version of the Keeper plugin that allowed malicious websites to steal passwords.

Ormandy also published proof-of-concept (PoC) exploit code that steals a user’s Twitter password if it is stored in the Keeper app.

Windows 10 users wouldn’t be affected unless they open Keeper password manager and enable the software to store their passwords.

Keeper password manager flaw

Ormandy reported the flaw to the Keeper development team that addressed it in the released version 11.4.

Keeper declared it has not news of attacks exploiting the security vulnerability in the wild.

There is anyway a thing that the great Ormandy hasn’t discovered … why the Keeper password manager was pre-installed without users’ knowledge.

To disable the Content Delivery Manager it is possible to use these registry settings.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Keeper  password manager, Windows 10)

[adrotate banner=”5″]

[adrotate banner=”13″]