Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions \ stacker news ~security

pull down to refresh

Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions cyberinsider.com/zero-day-clickjacking-flaws-found-in-password-managers-used-by-millions/

650 sats \ 8 comments \ @RideandSmile 21 Aug security

view all related items

68 sats \ 5 replies \ @SimpleStacker 21 Aug

Interesting, but is this really a weakness of the password managers? It seems like it works by tricking you into clicking an autofill---but you're still on a malicious website, you still have to click the submit button (I think?)

23 sats \ 3 replies \ @WeAreAllSatoshi 21h

If the password manager browser extensions can protect against the issue, I feel like they should. Whether it’s their fault or not, given their role, they should do everything in their power to prevent such issues. Just my 2 sats

61 sats \ 1 reply \ @SimpleStacker 20h

I agree. I was just coming at it from the perspective of "am I in danger?"

0 sats \ 0 replies \ @WeAreAllSatoshi 20h

I get you now.

50 sats \ 0 replies \ @RideandSmile OP 20h

indeed, it s their job (security)

7 sats \ 0 replies \ @RideandSmile OP 21 Aug

Yes, i understand also like that :

΅Critically, only a single click such as accepting a cookie banner or closing a pop-up can be enough to leak sensitive information like login credentials, stored 2FA codes, passkeys, and even credit card numbers or personal addresses.¨

18 sats \ 1 reply \ @freetx 22h

This is one of the reasons why I've never trusted browser extensions that interact with your password manager....it always seemed like the obvious weak point of security.

I much prefer to just manually copy/paste so that your actions are explicit.

9 sats \ 0 replies \ @RideandSmile OP 21h

i do the same actually, i prefer to type my pwd instead of using an app....