Windows 10's password manager came with vulnerabilities, patched now
Microsoft is one of those developers that prefer to include a lot of third-party apps with their genuine copies of Windows 10. Windows 10 has been trying to imitate the mobile platforms such as Android and iOS lately and therefore comes with many apps to aid computing in the current times. However, one third-party app, that was meant to provide convenience during logging into accounts, has surfaced with a dangerous bug.
Google Project Zero researcher Tavis Ormandy has discovered a serious flaw in Keeper, a password manager app bundled with the latest versions of Windows 10. When the plugin for the following app was enabled in web browsers, a serious bug allowed for any website to steal passwords. It was surprising that this kind of vulnerable app came with a legal copy of Windows 10.
However, in another report by Ars Technica, Microsoft has confirmed that the bug has been ironed out with a patch and users will need to get the latest security update on their Windows PCs. Also, the plugin was only vulnerable if users had activated it in the browser.
While this may not be a serious issue, it focuses attention towards Microsoft’s initial software testing before a public rollout. Software developers should focus their attention towards testing the vulnerabilities that third-party software brings into the system.