Today I found something very scary about Google Chrome and the way it stores passwords! It’s actually possible to view someone’s stored passwords in Google Chrome. This is a really easy hack to view all of someone’s saved passwords:
- First log in as the user (or log into their computer administratively, perhaps using Hirens to hack the administrator password, then reset their password or get a copy of their profile and apply it to your account)
- Visit the following web page in Google Chrome:
chrome://settings/passwords
This opens the password settings page inside Google Chrome; it’s not an actual website.
- Next, click the password that’s currently unreadable (next to any website you want to see the user’s password for)
- A Show button will then appear next to the password; click Show to reveal the password the user stored in Google Chrome
This is a really scary hack because almost everybody has stored a password at some point. Also, because Google Chrome runs in the user’s context, it’s easy for a program or virus running as that user to connect to Google Chrome using a handle and read the passwords. And because most people reuse the same set of passwords, probably all of their passwords will be stored here and readily available.
My advice:
- Secure your computer using BitLocker
- Secure your computer with a BIOS password
- Secure your Windows logon with a strong password and a username that isn’t guessable. Set Windows not to show the last logged-in user’s details on the Welcome screen and not to cache logons
- Apply all Windows Updates
- Ensure you have an up to date Antivirus program
- Alternatively (or, preferably, additionally), stop Google Chrome from asking to save passwords and delete all passwords already saved in Google Chrome!
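To make the last three pieces of advice concrete, here is an added hardening script (not from the original post) that applies them on a Windows machine from an elevated PowerShell prompt. It assumes the documented Windows Winlogon/policy values and Chrome’s PasswordManagerEnabled enterprise policy, and it re-reads each value afterwards so you can confirm the change actually took effect.

```powershell
# Added hardening example (not from the original post). Applies the post's
# advice: stop Chrome offering to save passwords, hide the last logged-on
# user on the Welcome screen, and stop caching domain logons locally.
# Run from an elevated PowerShell prompt; the keys below are the documented
# Windows policy and Chrome policy locations (assumed present on this host).

$settings = @(
    # Chrome enterprise policy: disable the built-in password manager.
    @{ Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
       Name = 'PasswordManagerEnabled'; Value = 0; Type = 'DWord' },
    # Do not show the last signed-in user name on the Welcome/logon screen.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DontDisplayLastUserName'; Value = 1; Type = 'DWord' },
    # Number of domain logons Windows caches locally (0 = none). Only
    # meaningful on domain-joined machines; offline logon stops working.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'CachedLogonsCount'; Value = '0'; Type = 'String' }
)

function Set-HardeningValue {
    param([hashtable]$Setting)
    # Create the policy key if it does not exist yet, then write the value.
    if (-not (Test-Path $Setting.Path)) {
        New-Item -Path $Setting.Path -Force | Out-Null
    }
    New-ItemProperty -Path $Setting.Path -Name $Setting.Name `
        -Value $Setting.Value -PropertyType $Setting.Type -Force | Out-Null
}

function Test-HardeningValue {
    param([hashtable]$Setting)
    # Read the value back and compare as text so DWord and String both work.
    $current = Get-ItemProperty -Path $Setting.Path -Name $Setting.Name `
        -ErrorAction SilentlyContinue
    if ($null -eq $current) { return $false }
    return ("$($current.$($Setting.Name))" -eq "$($Setting.Value)")
}

foreach ($s in $settings) {
    Set-HardeningValue -Setting $s
    $state = if (Test-HardeningValue -Setting $s) { 'OK' } else { 'FAILED' }
    '{0}\{1} = {2} -> {3}' -f $s.Path, $s.Name, $s.Value, $state
}
```

The Chrome policy only takes effect after Chrome is restarted and does not remove passwords that are already saved; those still have to be deleted from chrome://settings/passwords.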