Edge browser leaves passwords exposed in plain text, says researcher
Summary
A researcher has discovered that Microsoft Edge's password manager saves passwords in plain text within the browser's process memory, even after the browser is closed and reopened. Microsoft reportedly stated that this behavior is 'by design,' a response that cybersecurity experts criticize as insufficient and an invitation for cybercriminals.
IFF Assessment
This vulnerability exposes user credentials in plain text, making it easier for attackers to steal sensitive information.
Defender Context
This finding highlights a significant security flaw in a widely used browser, one that potentially exposes sensitive user credentials. Defenders should be aware of this vulnerability and consider advising users either to avoid relying on Edge's built-in password manager for critical accounts or to implement additional security measures such as strong endpoint protection.