Windows 10 included a password manager complete with massive password-stealing potential
16:25, Monday, 18 December, 2017
Microsoft has been bundling a password manager that features a dangerous flaw with some versions of Windows 10, a Google security researcher has revealed. Tavis Ormandy noticed that his copy of Windows 10 included Keeper, which he had previously found to be injecting privileged UI into pages.
The version that Microsoft was including with Windows 10 featured the same bug. What does this mean? In short, it allows any website to steal passwords from you.Keeper was included in some Windows 10 installations as a browser plugin, and it included the very same vulnerability that Ormandy had reported nearly a year and half earlier. With little more than a couple of very easily implemented tweaks, he found that it was possible to steal passwords that are stored within Keeper.