If you are an avid user of password managers, you might be in for a surprise. A recent study by researchers at Independent Security Evaluators found that a number of popular password managers were storing master passwords as plain text in the main memory of devices.
To an expert hacker, this vulnerability is equivalent to finding the keys to multiple accounts in a text document on your computer. The master password of any password manager can be used to gain access to all the usernames and passwords it manages.
Researchers were able to use proprietary reverse engineering tools to evaluate how various password managers such as Dashlane, KeePass and LastPass managed their master passwords when in their locked state.
The only condition that needs to be met to exploit this vulnerability is access to the computer, either physically or remotely using malware.
Password managers have made the lives of people easier owing to the convenience they offer. Users have often found it difficult to remember complex passwords that are recommended to make accounts secure. Password managers solve this problem by storing information about various accounts in one location. Even though this vulnerability has revealed a gaping hole in the security of such software, researchers still recommend their use owing to the various advantages they offer.
In conclusion, until creators of the affected password managers release patches that fix the issue, it is recommended that users do not leave the app running in the background, even in its locked state. To protect yourself from such attacks, make sure to use an updated antivirus to prevent attackers from gaining access to your devices.
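A simplified model of the locked-state finding described above, as an added example that is not taken from the study or from any of the named products: the `vault` struct, its functions and the sample password are all hypothetical. It contrasts a lock that only flips a state flag with one that erases the master password first, and includes a self-check a developer could use to confirm the secret is gone.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified vault state; not any product's real layout. */
struct vault {
    int  locked;
    char master[64];   /* master password while unlocked */
};

/* Wipe through a volatile pointer so the compiler cannot drop the
 * stores as "dead" writes to memory that is never read again. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

void vault_unlock(struct vault *v, const char *pw) {
    secure_wipe(v->master, sizeof v->master);
    strncpy(v->master, pw, sizeof v->master - 1);  /* stays NUL-terminated */
    v->locked = 0;
}

/* Weak lock: only flips the flag, the password bytes stay in memory. */
void vault_lock_weak(struct vault *v) { v->locked = 1; }

/* Hardened lock: erase the secret before reporting the locked state. */
void vault_lock_hardened(struct vault *v) {
    secure_wipe(v->master, sizeof v->master);
    v->locked = 1;
}

/* Self-check: does `needle` still occur anywhere in the vault's bytes? */
int secret_resident(const struct vault *v, const char *needle) {
    const unsigned char *mem = (const unsigned char *)v;
    size_t n = strlen(needle);
    for (size_t i = 0; n && i + n <= sizeof *v; i++)
        if (memcmp(mem + i, needle, n) == 0) return 1;
    return 0;
}

int main(void) {
    struct vault v = {0};
    const char *pw = "constructed-sample-pw";   /* constructed sample value */
    vault_unlock(&v, pw); vault_lock_weak(&v);
    printf("weak lock, resident: %d\n", secret_resident(&v, pw));
    vault_unlock(&v, pw); vault_lock_hardened(&v);
    printf("hardened lock, resident: %d\n", secret_resident(&v, pw));
    return 0;
}
```

Where the platform provides one, a routine such as `explicit_bzero` or `SecureZeroMemory` serves the same purpose as `secure_wipe` here.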