The iOS version of password manager Keeper beat the passwords out in plain text in the phone, so it appears from research of the Dutch security company Fox-IT. Thus, it was the master password, which allows access to the app is obtained, to determine.
Version 5.3 of the Keeper-application for iOS hit the information in plain text, because traffic to the Keeper server is unencrypted in the cache was saved, according to research by Fox-IT. The Keeper-password manager can be used to store passwords for different services, to save in one application, and these passwords to a variety of devices to sync.
Although the traffic to the servers of Keeper via https expires, it is the content of the traffic itself is not separately encrypted. This is the master password, which the user passwords are secure, is unencrypted in the cache. Also the other passwords are to be found in the cache. This run, for example, users with a gejailbreakte phone danger; a rogue application can recover passwords.
Now is a update released for the application, but Fox-IT is not satisfied with the way the Goalkeeper dealt with the security issue. The company was not willing to work together on a solution, but sent the bugmelding immediately to the legal department. “That let us know that we the terms of use were violated,” according to a Fox-IT researcher. Therefore, Fox-IT has not been explored or the update the problems are indeed problems.
Seems also to be Keeper of the problems in the cover up want to quit. From the description of the update, version 6.0, it does not show that a security issue is resolved. It also wants to Keeper of the problems are not in the public domain and has announced legal action against Fox-IT, as the company does. Because Keeper can’t make it to the outside wanted to join, decided, Fox-IT that despite the legal threat itself. “We’re waiting for that legal steps”, says the researcher
The company did the discoveries in the framework of a research wachtwoordmanagers. “The investigation had just begun when we encountered”, says the researcher. “This was the most popular free password manager, so this is the first that I have researched.” It is unknown whether the Android version of Keeper problems also contains.
