Microsoft Edge Stores Passwords in Process Memory, Posing Risk

Security researcher Tom Jøran Sønstebyseter Rønning revealed that Microsoft Edge stores all saved passwords in cleartext in process memory, even when sites are not actively visited, allowing anyone with administrative privileges to extract these passwords and potentially escalate attacks within corporate environments. Microsoft considers this behavior “by design,” citing trade-offs between performance, usability, and security, but experts warn it poses significant risks, especially in shared or virtualized settings, and recommend organizations limit reliance on browsers for password storage and enforce strict access controls.

https://www.darkreading.com/cyber-risk/microsoft-edge-passwords-enterprise-risk

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top