SC Media’s article, “User credentials exposed by ‘massive flaw’ in some password managers,” addresses password management tools and how attackers can access the master password, exposing users to ‘massive’ credential theft. A report titled ‘Under the Hood of Secrets Management,’ written by researchers at Independent Security Evaluators (ISE), discovered weaknesses within these password tools, leaving more than 60 million individuals and 83,000 businesses vulnerable to data theft.
SureCloud’s Senior Cybersecurity Consultant, Matt Watson, responds to the article and offers advice on how best you can protect yourself against these attacks:
What should users do to protect password managers?
There’s some excellent advice offered towards the end of the SC article. General security best practices, such as the use of proven anti-virus software, disk encryption, and ensuring that software and operating system updates are regularly applied. Operational mitigations such as ensuring that workstations are locked when unattended and using strong, complex passwords (and key files, where appropriate) for the master passwords is also crucial.
What advice would you give to organizations over the use of password managers?
The weaknesses highlighted within this article are valid, but the attack vectors demonstrated here would require some level of elevated permissions to execute a memory-based password extraction. There are already tools available online to perform offline-password attacks against some of these password management database files, so it is paramount that users within your organization are educated to have strong and unique passwords for any work-related password management software.
How can the problems be mitigated until fixes are in place?
Organizations should ensure that general security best practices are followed and provide users with regular, ongoing security awareness training designed to highlight current attack vectors and to assist and educate them in how to create a strong and complex master password.
Any other comments?
It is of paramount importance that access to all systems and files are strictly controlled and that user access abides by the principle of least privilege. It is also highly likely that the vendors listed here will be quick to react and respond by releasing additional security patches and/or mitigations designed to prevent some (or all) of the attack vectors listed. Regular penetration testing of all systems will also provide assurance that general security best practices are being implemented and adhered to within the organization.
You can read the full article here