Vivaldi user data security issues
-
Reference:
https://github.com/moonD4rk/HackBrowserDataWith this public tool, you can read sensitive user data of Vivaldi, especially website login credentials, without the need for passwords.
C:\Users\matthew\Desktop\Work\2021\02\0201>hack-browser-data.exe -b vivaldi -p C:\Vivaldi\Matthew\Default [x]: Get 1151 bookmarks, filename is results/vivaldi_bookmark.csv [x]: Get 1108 cookies, filename is results/vivaldi_cookie.csv [x]: Get 12472 history, filename is results/vivaldi_history.csv [x]: Get 16 passwords, filename is results/vivaldi_password.csv [x]: Get 0 credit cards, filename is results/vivaldi_credit.csvPlease Vivaldi development team to fix it
-
It is difficult to guarantee that the software installed on the computer is safe and trustworthy. Even if it is reliable at present, it may become unreliable as it is upgraded. Sensitive data during the operation of the browser should be protected to avoid unauthorized trustworthiness
-
@guigirl said in Vivaldi user data security issues:
But how on earth can this OP "issue" seriously be considered to be a problem?
Because it is? There is a reason people are told not to keep their passwords stored in a plain text file on their desktop. Just as there is a reason why Chromium encrypts all login credentials.
Forgot to lock your laptop when you went to the bathroom? Someone else might come by and swipe all your passwords.
Got tricked into some tech support scam? Bam! They can say they fixed the "issue", and then proceed to log in to all your accounts while you are blissfully unaware.
Obviously you can blame the victim for being careless or naïve, but that doesn't mean that software shouldn't try to protect them anyway.And what about other vulnerabilities in other software? There was a recent exploit in Microsoft Teams that allowed a person to execute any code they wanted on other people's machines. What did the victims have to do for the hacker to gain access? Read a chat message. That's it. And the message wouldn't look any different from any other message. Just put together a quick little program that runs
hack-browser-dataon the victim's machine, sends the files to you, and then spreads the chat message to all of that person's contacts. Bam! An entire company network's worth of login credentials.
Are these things likely to happen? Not really. Does that mean that they shouldn't be prevented? No.
"It's not going to happen" is not a valid reason to ignore security concerns and neither is "get better PC security". -
I wouldn't call it a security issue.
For the browser to work, this data needs to be stored and it needs to be readable.
I guess it could be partly solved by Vivaldi implementing a master password. But really, if you've downloaded a malicious application, then no amount of protection Vivaldi could implement will help.
-
@guigirl "I say we take off and nuke the entire site from orbit. It's the only way to be sure." - Ellen Ripley
-
Ppafflick moved this topic from Desktop on
