TrendMicro Password Manager will let anyone execute arbitrary code. Also download your passwords.
-
Pretty amazing security Swiss cheese discovered in this Password Manager. Seems like one of the crappy services in this bloatware POS opens up an unsecured node.js server that any site can just target through well-known ports and wreak havoc on your machine.
The only bright spot is that they seem to have responded pretty quickly with patches, instead of burying their head in the sand.
-
Why is a password manager on a client computer running a fucking server?
-
Well, Jeff told them that it would be easier to monetize if they did it in a way that didn't make sense to anyone.
-
If Jeff was involved then it'd need like 3GB RAM as soon as you try and store more than 6 passwords.
-
If Jeff was involved it would store the user passwords on a CDN.
-
You're thinking too much. If Jeff was involved, it would use Discourse to store passwords.
-
KeePassHTTP plugin does. So you can install a plugin in your browser so you can log in without having to copy-paste user/pass
-
Why do you want to overcomplicate shit so much?
Come on, it's easy. You set up a Discourse instance and then you simply create a thread for each website/application you want to store a password to. This way you also get revision history, since posts aren't deleted and you can always check out which passwords you have already used!
If you need a multiuser instance, you can always easily create different categories, one per each user.
Discourse is great for this shite!
-
Why is a password manager on a client computer running a fucking server?
The guys at Trend Micro needed cheap load balancers.
-
I'm sure that's possible without it running a server.
-
The only bright spot is that they seem to have responded pretty quickly with patches, instead of burying their head in the sand.
That's true.
Unfortunately I don't think patches will do the trick - it looks like this thing is a real and total piece of
-
This is hilarious!!! I hope this gets made into a feature article!!