98
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
(www.helpnetsecurity.com)
this post was submitted on 09 Aug 2024
98 points (99.0% liked)
Cybersecurity
5685 readers
4 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
One thing to keep in mind about how these vaults work, is you often unlock them and then they stay unlocked for a short period of time, like 5 minutes. So if you do compromise a system and can detect when it is unlocked, you have a decent window to programmatically extract credentials.
That said, it requires that your system has already been completely owned, pretty much. At that point, it could potentially log keystrokes and clipboard, and get credentials, including your master password.
Right. If you have malware on your computer, you might as well assume that every part of the computer, and everything it can connect to, is compromised.