Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Password Managers Leave Data Fragments in RAM

February 20, 2019

Nothing is perfect. Independent Security Evaluators (ISE) released its review of several Windows password managers (LastPass, KeePass, Dashlane & 1Password). Data Breach Today reported that the big problem is in how the password managers handle data in memory. Password managers do a good job of protecting your information when they are locked or shut down, but there are issues when unlocked and running. ISE stated, "We were surprised in the inconsistency in secrets sanitization and retention in memory when in a running unlocked state and, more importantly, when placed into a locked state. If password managers fail to sanitize secrets in a locked running state then this will be the low hanging fruit that provides the path of least resistance to successful compromise of a password manager running on a user's workstation."

The big news is that 1Password didn’t do so well and that the latest versions of software aren’t necessarily better than older versions. The good news is that none of the vulnerabilities can be remotely exploited. However, if you contract malware that “pwns” your machine, you’re screwed. No password manager can protect your data if the malware captures your master unlock password. Even with the discovery by ISE, using a password manager is better than not using one.
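What "sanitizing secrets" on lock means in practice, as an added example that is not taken from ISE's report or from any of the products named above: a hypothetical in-memory vault (`vault_t` and every function name here are assumptions) with a flag-only lock that leaves cleartext behind, a sanitizing lock that wipes it, and `count_residue` as a self-check over the vault's own memory.

```c
#include <stddef.h>
#include <string.h>

#define MAX_ENTRIES 4   /* hypothetical sizes, chosen for the example */
#define SECRET_LEN 64

typedef struct {
    int unlocked;
    char master[SECRET_LEN];               /* cleartext master password */
    char entries[MAX_ENTRIES][SECRET_LEN]; /* decrypted entry passwords */
    size_t count;
} vault_t;

/* Zero through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

void vault_unlock(vault_t *v, const char *master) {
    memset(v, 0, sizeof *v);
    strncpy(v->master, master, SECRET_LEN - 1);
    v->unlocked = 1;
}

int vault_add(vault_t *v, const char *secret) {
    if (!v->unlocked || v->count == MAX_ENTRIES) return -1;
    strncpy(v->entries[v->count++], secret, SECRET_LEN - 1);
    return 0;
}

/* Weak lock: state changes, but every cleartext buffer is left intact. */
void vault_lock_flag_only(vault_t *v) { v->unlocked = 0; }

/* Sanitizing lock: wipe all buffers that held cleartext, then lock. */
void vault_lock(vault_t *v) {
    secure_wipe(v->master, sizeof v->master);
    secure_wipe(v->entries, sizeof v->entries);
    v->count = 0;
    v->unlocked = 0;
}

/* Self-check: count occurrences of a known secret left in a region. */
size_t count_residue(const void *region, size_t len, const char *needle) {
    const unsigned char *p = region;
    size_t n = strlen(needle), hits = 0;
    for (size_t i = 0; n && i + n <= len; i++)
        if (memcmp(p + i, needle, n) == 0) hits++;
    return hits;
}
```

A real password manager also has to account for copies outside its own structures, such as UI text fields and temporary buffers, which this model does not cover.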

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com