"The researchers tested the AutoSpill vulnerability using some of the most popular password managers, including 1Password, LastPass, Keeper and Enpass, on new and up-to-date Android devices. They found that most apps were vulnerable to credential leakage, even with JavaScript injection disabled. "
@deborahh@CivilDev Seems like a misleading headline: the headline says the issue is with password managers, but the article says the vulnerability is that websites that let you "sign in with Google/Facebook" can access your Google/Facebook password. So from the article (I admit I haven't read the original research paper), it sounds like the real danger is SSO, not password managers.
@183231bcb@CivilDev I don't follow the tech details there, like this ...
"The researchers tested the AutoSpill vulnerability using some of the most popular password managers, including 1Password, LastPass, Keeper and Enpass, on new and up-to-date Android devices. They found that most apps were vulnerable to credential leakage,"
Add comment