Microsoft Edge Exposes Saved Passwords in Cleartext Memory

Severity: High (Score: 65.2)

Sources: Isc.Sans.Edu, Gbhackers, Csoonline, Cybersecuritynews, www.cybersecuritydive.com

Summary

A researcher has discovered that Microsoft Edge saves all passwords in cleartext in process memory upon startup, regardless of whether the user has accessed the sites. This vulnerability, identified by Tom Jøran Sønstebyseter Rønning, poses significant risks for users, especially in shared environments. The issue was confirmed by multiple sources, including Heise.de and Cybersecuritynews. Microsoft has stated that this behavior is 'by design,' which has drawn criticism from security experts who argue it compromises user security. Other browsers, such as Google Chrome, employ better security practices to encrypt stored passwords. Rønning plans to release a tool on GitHub to demonstrate the vulnerability. The lack of urgency from Microsoft raises concerns about the company's commitment to user security. This issue affects all users of Microsoft Edge who save passwords within the browser. Key Points: • Microsoft Edge stores passwords in cleartext in process memory at startup. • The vulnerability is confirmed by multiple sources and is deemed a significant security risk. • Microsoft claims this behavior is 'by design,' which has been criticized by security experts.

Key Entities

• Malware (attack_type)
• Phishing (attack_type)
• Ransomware (attack_type)
• Microsoft (company)
• Azure (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• heise.de (domain)
• T1003 - OS Credential Dumping (mitre_attack)
• T1021 - Remote Services (mitre_attack)
• Chromium (platform)
• Linux (platform)
• Microsoft Edge (platform)
• Windows (platform)
• Google Chrome (tool)
• MS Sysinternals (tool)
• Strings (tool)