Password Management Protocol vulnerabilities

Password Management Protocol vulnerabilities By of the affiliation Department’s Paper’s Password is one thing that can prevent other users from accessing various accounts networks and what is very important all kinds of confidential information. Such information should be protected and passwords are quite good solution for the protecting it from the unauthorized access. However, hackers can find them and steal using some software. There are many, even in the Internet, software which can help even amateurs in this business to steal passwords. We will through the usage of one application that can show and copy passwords saved in the browser. Many users use autocompleting in their browser and this main threat for the password security and we will show It on the example of one non-malicious software called “WebBrowserpassview”.
We will analyze the password storage protocol used in the browser like Google Chrome, Opera, Firefox Mozilla, Seamonkey. These browsers store their passwords almost equally and their passwords can be revealed to the hacker with the help of the tool we mentioned above. Because mechanism of the encrypting passwords is very weak and even the simplest applications can retrieve them from their register, moreover, this application has good interface and getting passwords can present problem for the hacker, because it needs physical contact with the target computer, however, there are thousands modifications of this software which have hidden interface and after the running can send all passwords on the email or FTP-server of the hacker. Therefore saving of the passwords in the browser is quite doubtful method of password storage (10 Most Popular Password Cracking Tools 2014).
Functioning of the “WebBrowserPassview”
Here we can see good interface for the passwords viewing and various operations with them. This application allow user to save them to the file. This file can be copied to other emails and then used in malicious activities like the accessing some bank-accounts without the two-step authorization that requires special key that system sends to the cell-phone of the user or to the email.
Here this application presented all our passwords with the description of fields in which they were entered. It helps hacker easily reenter all these passwords to the necessary fields.
There are many ways to protect computer from such attacks. The first way – avoiding downloading some software, regardless from the content and specifications written on the site, if the site is not Microsoft.com or other associated site to the OS user use. Creators of the password storage systems can use special encrypting protocols which will help to defend passwords from retrieving with some application. Moreover, developers can use key file that will give access to the passwords, we mean any file in the system that will be necessary for accessing passwords and after the beginning of the work with such application this file give access to all passwords, otherwise they will be hidden and encrypted. For all users who use the browsers they can buy or just download free version of the “KeePass Password Safe. This application helps to save passwords from the copying and send them to the FTP-server through the protected chanel and the storage of the password is protected with the two-stage protection with the Master-Password and the special file with the encoding key which should exist on the computer to access passwords, so user can take this file on the flash-storage and access his/her passwords on other computers (KeePass Password Safe 2011).
References
KeePass Password Safe 2011, Viewed 16 January 2015,
10 Most Popular Password Cracking Tools 2014, Viewed 16 January 2015,
http://resources.infosecinstitute.com/10-popular-password-cracking-tools/

You Might Also Like