Cleartext Passwords Found in Microsoft Edge Browser Memory
A newly discovered vulnerability in Microsoft Edge allows attackers to access stored user passwords in clear text from the browser's memory.
A security vulnerability has been discovered in Microsoft Edge that allows passwords stored by the browser to be accessed in clear text. Researchers found that even passwords that have not been used recently remain readable in a memory dump of the browser process. The vulnerability affects users who have passwords saved in Edge.
The exploit involves opening the Edge browser, creating a memory dump of the browser process via Task Manager, and then analyzing the dump file for stored credentials. This method bypasses typical security measures designed to protect sensitive information, making it relatively easy for an attacker with local access to retrieve saved passwords.
Users who store sensitive passwords in Microsoft Edge are advised to review their saved credentials and consider disabling the auto-save password feature or using a more secure password manager. Microsoft has not yet released a patch for this issue, and further investigation into the full impact and potential mitigations is ongoing.
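To check whether a given Edge installation is exposed, and to re-test once a patch or mitigation is in place, a defender can save a throwaway canary credential in Edge, take the Task Manager dump described above, and search the dump for that known value. The Python script below is an added example, not code from the researchers or Microsoft; the function names and the canary string are assumptions, and it looks for both UTF-8 and UTF-16LE because Windows processes commonly hold strings in either encoding.

```python
import getpass
import io
import sys

CHUNK = 1 << 20  # read 1 MiB at a time; browser dumps can be very large


def find_canary(stream, canary: str, chunk: int = CHUNK) -> list[tuple[str, int]]:
    """Return (encoding, file offset) for each occurrence of a known canary."""
    if not canary:
        raise ValueError("canary must be a non-empty string")
    patterns = {"utf-8": canary.encode("utf-8"),
                "utf-16le": canary.encode("utf-16-le")}
    # Carry the last (longest pattern - 1) bytes into the next read so a
    # canary that straddles a chunk boundary is still found.
    keep = max(len(p) for p in patterns.values()) - 1
    hits, tail, base = set(), b"", 0  # base = file offset of buf[0]
    while True:
        block = stream.read(chunk)
        if not block:
            break
        buf = tail + block
        for name, pat in patterns.items():
            pos = buf.find(pat)
            while pos != -1:
                hits.add((name, base + pos))  # set removes overlap re-matches
                pos = buf.find(pat, pos + 1)
        tail = buf[-keep:]
        base += len(buf) - len(tail)
    return sorted(hits, key=lambda h: h[1])


def demo() -> list[tuple[str, int]]:
    """Run the search over a constructed byte string standing in for a dump."""
    canary = "Canary-7f3a-not-a-real-password"  # constructed test value
    fake_dump = (b"\x00" * 100 + canary.encode("utf-16-le")
                 + b"\xff" * 50 + canary.encode("utf-8") + b"\x00" * 20)
    # chunk=64 forces the UTF-16LE copy to straddle a read boundary.
    return find_canary(io.BytesIO(fake_dump), canary, chunk=64)


if __name__ == "__main__":
    # Usage: python find_canary.py <path-to-dump>; the canary is prompted
    # for so it does not land in shell history.
    secret = getpass.getpass("Canary value saved in the browser: ")
    with open(sys.argv[1], "rb") as fh:
        for enc, off in find_canary(fh, secret):
            print(f"{enc} copy at offset {off:#x}")
```

No hits after a fix or configuration change indicates the canary is no longer held in clear text in that dump; delete the dump file afterwards, since it may contain other secrets.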