- cross-posted to:
- pulse_of_truth@infosec.pub
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.”


Why does Bitwarden do it then?
I want to be clear what's going on here. Every other password manager loads the password you are requesting (they have to)… Edge, on startup, loaded every single password in memory to be accessed. Every… single… one.
Bitwarden does not do that.
I think the only difference is the “on start up” piece. Bitwarden doesn’t load unencrypted contents into memory on startup, but the moment you unlock your vault, all of its contents are dumped into memory in plaintext. It’s not like it decrypts one password at a time on request. When your vault is unlocked, everything is decrypted. When your vault is relocked, it’s supposed to purge the unencrypted contents from memory.
A Bitwarden moderator explains this in a forum post:
https://community.bitwarden.com/t/what-informations-can-be-extracted-from-a-memory-dump-when-client-is-unlocked/53188/2
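
Added example, not part of the thread and not Bitwarden's or Edge's code: a small model of the two behaviours discussed above (decrypt one entry on request versus decrypt everything on unlock) and of purging on lock, showing which plaintexts are resident at each point. The `Vault` class, its method names and the SHA-256 keystream cipher are hypothetical stand-ins chosen for illustration; a real client would use an authenticated cipher.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytearray:
    """Toy SHA-256 counter-mode XOR; a stand-in for a real AEAD, illustration only."""
    out = bytearray(data)
    for off in range(0, len(out), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        for i in range(min(32, len(out) - off)):
            out[off + i] ^= block[i]
    return out

class Vault:
    """Hypothetical vault: ciphertext at rest, plaintext only in tracked bytearrays."""

    def __init__(self, key: bytes, entries: dict):
        self._store = {}   # name -> (nonce, ciphertext)
        self._plain = {}   # name -> plaintext bytearray currently resident
        for name, secret in entries.items():
            nonce = os.urandom(12)
            self._store[name] = (nonce, bytes(keystream_xor(key, nonce, secret)))

    def get(self, key: bytes, name: str) -> bytearray:
        """Decrypt-on-request: only the requested entry becomes resident."""
        if name not in self._plain:   # reuse the tracked buffer, never orphan a copy
            nonce, ct = self._store[name]
            self._plain[name] = keystream_xor(key, nonce, ct)
        return self._plain[name]

    def unlock_all(self, key: bytes) -> None:
        """Decrypt-everything-on-unlock, the behaviour described in the comment above."""
        for name in self._store:
            self.get(key, name)

    def lock(self) -> None:
        """Overwrite every tracked buffer in place, then drop the references."""
        for buf in self._plain.values():
            buf[:] = bytes(len(buf))
        self._plain.clear()

    def resident(self) -> list:
        """Names of entries whose plaintext is in memory right now."""
        return sorted(self._plain)

if __name__ == "__main__":
    key = os.urandom(32)
    # Constructed sample secrets; immutable bytes literals like these cannot be wiped.
    vault = Vault(key, {"mail": b"constructed-pw-1", "bank": b"constructed-pw-2"})
    vault.get(key, "mail"); print("on request:", vault.resident())
    vault.unlock_all(key);  print("unlocked:  ", vault.resident())
    vault.lock();           print("locked:    ", vault.resident())
```

The wipe only reaches buffers the vault tracks: any copy made into an immutable `bytes` or `str` object stays in memory until the runtime reuses it, which is why "supposed to purge" is hard to guarantee in managed languages.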