Researchers Find Security Vulnerabilities In Some of The Top Password Managers

24th March 2020

While password managers are meant to protect users' credentials and the underlying sensitive data, they do not necessarily guarantee foolproof security.

Researchers have recently disclosed the existence of numerous vulnerabilities in some of the top password managers.


Researchers from the University of York have revealed their findings regarding vulnerabilities in the top password managers. Detailing their findings in their research paper, the researchers highlighted that they tested five different commercial password managers in their study. They evaluated these password managers against previously disclosed bugs, and they also found some new vulnerabilities.

Briefly, the two researchers, Michael Carr (Piksel, York Science Park) and Siamak F. Shahandashti (University of York), analyzed the top 5 password managers (out of 19) based on their popularity and features. These include Dashlane, LastPass, 1Password, Keeper, and RoboForm. They then performed a two-fold analysis, first testing these 5 against six prominent known vulnerabilities and then conducting functionality tests to unveil more flaws.

The known vulnerabilities include a two-factor authentication seed vulnerability, an element inspection vulnerability, a registration discovery flaw, URL mismatch, ignoring subdomains, and an HTTPS autofill vulnerability.

To read more about the outcomes of the research, and for the full story, please visit the latest hacking news website at