Researchers in Finland Detect Vulnerability in Password Management Software

Researchers were able to identify a security gap within more than 10 password management software applications used by millions of people from around the world. This includes an app used by Finland’s population registry.

Security researchers in Finland have detected a range of vulnerabilities in software used for password management and other data security purposes. The researchers, from Aalto University and the University of Helsinki, said that hackers could potentially take advantage of the security vulnerability on shared workstations.

Finding a Vulnerability in Password Management Software

The group spotted the security gap in the DigiSign card reader software used by Finland’s population register centre, which is designed to give access to individuals or health care professionals through the use of electronic identification cards.

The team explained that password management systems such as these often bring together two parts. The first is a password register and the second is a browser extension. The two parts exchange information through inter-process communication (IPC).

However, it is rare for the IPC channel to be secured. As a result, malware can give bad actors the opportunity to access password information by taking advantage of the gap. The researchers noted that those who have access to shared computers would, in turn, be able to attack software through the IPC opening.
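One way a password register can close this gap is to check which local user is on the other end of the channel before answering. The following is an added example, not code from the researchers or from any of the affected products; it assumes the IPC channel is a Unix domain socket on Linux, and the names `VAULT`, `peer_credentials`, `serve_one` and `demo` are hypothetical.

```python
import os
import socket
import struct

# Constructed sample data; a real register would hold encrypted entries.
VAULT = {"example.test": "constructed-sample-password"}

def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end of a
    Unix domain socket, as recorded by the kernel (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def serve_one(conn, allowed_uid):
    """Answer one lookup, but only for a peer running as allowed_uid."""
    _pid, uid, _gid = peer_credentials(conn)
    if uid != allowed_uid:
        # Another user on the shared workstation: refuse before reading anything.
        conn.sendall(b"DENIED\n")
        return False
    site = conn.recv(256).decode().strip()
    conn.sendall((VAULT.get(site, "") + "\n").encode())
    return True

def demo(allowed_uid):
    """Run one extension/register exchange and return what the client sees."""
    # Assumption: socketpair stands in for the extension-to-register channel.
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server, client:
        client.sendall(b"example.test\n")
        serve_one(server, allowed_uid)
        return client.recv(256).decode().strip()

if __name__ == "__main__":
    print(demo(os.geteuid()))      # register owned by this user: answered
    print(demo(os.geteuid() + 1))  # register owned by another user: refused
```

The UID check only separates users from one another; it does not stop malware already running under the same account, which needs a stronger pairing between the extension and the register.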

No Indication Back Door Has Been Exploited

As an example, the centralised user management system that is used by a large number of organisations makes it quite easy for any employee to log in to any workstation. In principle, employees who work in these kinds of environments would then have the opportunity to abuse the system, they explained. This means that a troublemaker would be able to log in to another person’s account or take control of a computer if it has remote access enabled. However, the vulnerability has yet to be exploited.

The researchers noted that those who could gain access to a doctor’s workstation through means such as a backdoor could then take advantage of the vulnerability for the purpose of forging things such as prescriptions. They identified a similar security gap in over 10 different applications used by millions across the globe.
