A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at startup, making it easy for malware to scrape those passwords.
Microsoft SSH agent persistently stores your unencrypted private keys in the registry. They’re still there unlocked and usable after you reboot.
https://github.com/PowerShell/Win32-OpenSSH/issues/1487
God, the final comment in that thread makes my blood boil.
That is infuriating. Leaving those keys available to the user means that worms can later use you to compromise additional machines. It turns a local problem into a much bigger one. There’s a recursive script out there that automatically scans your ssh files and attempts to access all hosts in your history…name escapes me at the moment.
Right there in the name, it says Secure She’ll Hades