Tag

Autospill Vulnerability

All articles tagged with #autospill vulnerability

cybersecurity | 2 years ago

Android Password Managers Expose User Data in Major Security Breach

Security researchers have discovered a major vulnerability, called AutoSpill, that affects the Android autofill function in popular password managers. The vulnerability allows hackers to bypass security mechanisms and expose credentials to the host app. Password managers such as 1Password, LastPass, Enpass, Keeper, and Keepass2Android are vulnerable to the exploit, along with Dashlane and Google Smart Lock when a JavaScript injection method is enabled. While there is no evidence of exploitation in the wild, the researchers warn that the implications of AutoSpill are highly dangerous. The affected password managers and the Android security team have been informed, and fixes are being developed.

technology | 2 years ago

"Security Alert: Mobile Password Managers May Compromise Your Credentials"

Researchers at IIIT Hyderabad have discovered a vulnerability in the autofill functionality of Android apps, dubbed "AutoSpill," which can expose user credentials from popular mobile password managers. When an Android app loads a login page in WebView, password managers can mistakenly expose credentials to the underlying app's native fields instead of autofilling them into the intended login page. This vulnerability poses significant risks, especially if the base app is malicious, as it can automatically access sensitive information. The researchers tested popular password managers, including 1Password, LastPass, Keeper, and Enpass, and found that most were vulnerable to credential leakage. The researchers have alerted Google and the affected password managers to the flaw and are exploring the possibility of extracting credentials from the app to WebView.