* International support
* Cross platform capability
* Widget and Extension support
Vulnerability Details:
Minimo includes a password manager feature that allows users to store
user/password information of sites they visit. There are two ways this
feature can be abused. First, the action of any form can be changed
dynamically via JavaScript, which could be introduced into a site via a
cross-site scripting (XSS) bug. Second, the form fields can be
automatically filled in without user interaction. As a result, a XSS bug
Security Advisory
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Chrome Password Manager Cross Origin Weakness
Release Date: 2010-02-15
Application: Google Chrome Web Browser
Versions: 4.0.249.78, 3.0.195.38, and likely earlier
Severity: Medium/Low
Author: Timothy D. Morgan <tmorgan (a) vsecurity . com>
PasswordManager Pro 6.1 Script Injection Vulnerability
scip AG Vulnerability ID 4063 (12/15/2009)
http://www.scip.ch/?vuldb.4063
I. INTRODUCTION
"Password Manager Pro is a secure vault for storing and managing shared
sensitive information such as passwords, documents and digital
identities of enterprises."
I've just posted a new paper some of you may be interested in:
http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf
While it's primarily an argument for fixing HTTP authentication, it
does contain information on a few weaknesses common in browsers,
including password manager issues and user interface vulnerabilities.
Feedback is more than welcome.
Enjoy,
tim
that users have had in terminals for decades. If you need a larger
scrollback buffer, then just install more memory on your host.
By writing scrollback data to disk, you're breaking any program
that relies on the data displayed in the terminal not being written to
disk, such as any console based password manager, gpg, encrypted volume,
etc. Their security practices become useless if the scrollback buffer
is written to disk in plain text.
Report history:
>> I've just posted a new paper some of you may be interested in:
>> http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf
>>
>> While it's primarily an argument for fixing HTTP authentication, it
>> does contain information on a few weaknesses common in browsers,
>> including password manager issues and user interface vulnerabilities.
>>
>> Feedback is more than welcome.
>>
>> Enjoy,
>> tim
2. PRODUCT DESCRIPTION
KeePass Password Safe is a free, open source, light-weight and
easy-to-use password manager for Windows. You can store your passwords
in a highly-encrypted database, which is locked with one master
password or key file.
3. VULNERABILITY DESCRIPTION
> I've just posted a new paper some of you may be interested in:
> http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf
>
> While it's primarily an argument for fixing HTTP authentication, it
> does contain information on a few weaknesses common in browsers,
> including password manager issues and user interface vulnerabilities.
>
> Feedback is more than welcome.
>
> Enjoy,
> tim