←back to thread

Firefox-Passwords-Decryptor: Extracts and decrypts passwords saved in Firefox

(github.com)
95 points thunderbong | 2 comments | 22 Oct 24 04:23 UTC | HN request time: 0.396s | source
Show context
reddalo ◴[22 Oct 24 07:20 UTC] No.41911976[source]
Is it even safe to use browser-integrated password managers? I think they're so much easier to use than external solutions such as KeepassXC, but if it's so easy to decrypt their databases...
replies(5): >>41912021 #>>41912023 #>>41912226 #>>41912321 #>>41913160 #
account42 ◴[22 Oct 24 08:29 UTC] No.41912321[source]
Why is this surprising and why do you expect the situation with external password managers to be different? If you can decrypt it other software running on your computer can too.
replies(1): >>41912392 #
graemep ◴[22 Oct 24 08:46 UTC] No.41912392[source]
A password manager integrated with the browser could be compromised by a vulnerability in the browser as well exploited by something running within the browser.
replies(2): >>41912443 #>>41912571 #
1. adrianN ◴[22 Oct 24 08:56 UTC] No.41912443[source]
That depends on how it is designed.
replies(1): >>41912909 #
2. graemep ◴[22 Oct 24 10:25 UTC] No.41912909[source]
Is Firefox's designed in a way that prevents that?

Given it can automatically insert passwords for a site, something in the browser can access passwords.