Windows 10 Security News: Bundled Third-Party Password Manager Contained 'Critical' Vulnerability
A security researcher recently revealed that a password manager which came bundled in a Windows 10 download contained a vulnerability.
The bundled password manager was the third-party application Keeper.
Tavis Ormandy, a researcher for Google Project Zero, said he learned of the pre-installed app after he downloaded a new copy of Windows 10. In his report, he noted that other Windows 10 users had also noticed the bundled password manager several months ago.
According to reports, Ormandy's discovery was similar to another bug that was reported 16 months earlier. "I assume this is some bundling deal with Microsoft. I've heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages. I checked and, they're doing the same thing again with this version," he said.
Ormandy said he had tested the pre-installed Keeper on Windows 10 and found a bug that results in "a complete compromise of Keeper security" and reportedly permits any website to get a user's password.
However, a representative of Keeper told Ars Technica that the recently found bug was different from what was reported before. The company claimed that the newly discovered flaw was only present in version 11 of the app, which had only been released earlier this month.
Keeper said it had already addressed the issue last Friday, within 24 hours of when Ormandy contacted the developer. It also released version 11.4 of the app.
Meanwhile, a Microsoft representative also told Ars Technica: "We are aware of the report about this third-party app, and the developer is providing updates to protect customers."
The same report noted, however, that users who have accessed the pre-installed Keeper app, entered their password and installed its browser plugin are likely exposed to the now-fixed vulnerability.
In this case, any users who had completed the steps mentioned were highly encouraged to change their sensitive login details to ensure the security of their accounts.