1pm - 2pm
Thursday 20 August 2020
Revisiting security vulnerabilities in commercial password managers
In this seminar, we will be looking at popular commercial password managers for security vulnerabilities.
This event has passed
There is no need to register; just log in to the Zoom call on the day.
In this work we analyse five popular commercial password managers for security vulnerabilities.
Our analysis is twofold. First, we compile a list of previously disclosed vulnerabilities through a comprehensive review of the academic and non-academic sources and test each password manager against all the previously disclosed vulnerabilities. We find a mixed picture of fixed and persisting vulnerabilities. Then we carry out systematic functionality tests on the considered password managers and find four new vulnerabilities.
Notably, one of the new vulnerabilities we identified allows a malicious app to impersonate a legitimate app to two out of five widely-used password managers we tested and as a result steal the user's password for the targeted service. We implement a proof-of-concept attack to show the feasibility of this vulnerability in a real-life scenario.
Finally, we report and reflect on our experience of responsible disclosure of the newly discovered vulnerabilities to the corresponding password manager vendors.
Siamak F. Shahandashti from the York Interdisciplinary Centre for Cyber Security will be speaking at this event.
How to attend
This will be an online event held on Zoom.
- Meeting ID: 918 3722 0032
- Passcode: 331277
Find your local number.
- +44 203 481 5240 United Kingdom
- +44 203 901 7895 United Kingdom
- +44 208 080 6591 United Kingdom
- +44 208 080 6592 United Kingdom
- +44 330 088 5830 United Kingdom
- +44 131 460 1196 United Kingdom
- +44 203 481 5237 United Kingdom
- +442034815240,,91837220032#,,,,,,0#,,331277# United Kingdom
- +442039017895,,91837220032#,,,,,,0#,,331277# United Kingdom