Visible to the public "Researchers Expose Vulnerabilities of Password Managers"Conflict Detection Enabled

A new study conducted by researchers at the University of York suggests that fake apps could fool some commercial password managers into giving passwords away. The research shows that some password managers are weak at identifying apps and determining which username and password to suggest for autofill. Researchers created a malicious app that impersonates a legitimate app to exploit this weakness. Using this technique, they were able to trick two out of the five password managers chosen for the study. Senior author of the study, Dr. Siamak Shahandashti from the Department of Computer Science at the University of York, highlighted that studying the security of password managers is essential as they provide paths to highly sensitive information. This article continues to discuss the vulnerabilities found in password managers, how hackers could abuse the weaknesses, and the disclosure of these vulnerabilities to vendors.

EurekAlert! reports "Researchers Expose Vulnerabilities of Password Managers"