Issue metadata
Sign in to add a comment
|
Security: Passwords hive vulnerability
Reported by
ian.step...@gmail.com,
Jun 13 2017
|
||||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS Easily getting access to users passwords/cookies. Also its even too easy using GPO in enterprise networks. VERSION Chrome Version: 58.0.3029.110 (64-bit) Operating System: Windows 7, 8, 10, 2012, 2016 REPRODUCTION CASE In enterprise networks VIA GPO + GPO Admin access : Adding attacking app in users autorun in registry. This way app will run under users credentials, so protection becomes inefficient and simple System.Security.Cryptography.ProtectedData .NET class can decode password fields. GPO + ARP SPOFFING : same way but using spoof attack will gave same result, now without any access rights in domain ( this much depends on domain network security level and its architecture, but in most cases its easy enough ). Actually ANY application running under users credentials can get all stored passwords, cookies and anything encoded this way. Building custom app will prevent attacker from being detected by any antivirus software. Sample code in c# included.
,
Sep 20 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Jun 13 2017Labels: OS-Windows
Mergedinto: 678171
Status: Duplicate (was: Unconfirmed)