Password Manager Vendors Respond to Sniffing Vulnerability Allegations

By Bill Toulas - 22 February 2019

Developers of the password managers recently tested by ISE react to the allegations.
LastPass released a patch but excluded the ISE researcher from their bug bounty, since disclosure through the study was not approved.

Two days ago we reported on a detailed study of how safe the top password managers are against sniffing attacks. The study focused on popular and widely used products such as 1Password, Dashlane, KeePass, and LastPass, concluding that none are safe enough. The findings showed that an attacker who knows what they are doing could get passwords from strings in memory when the devices are not in use, and could introduce keylogging and clipboard management in those tools.

The ISE study caused a stir in the community, as planned, and while the researchers also recommended using password managers, finding some critical flaws in how these tools function was not very promising. The creators of the above tools responded with official statements on their respective websites as well as on ZDNet, playing down the study and how its results were released to the public.

Dashlane CEO Emmanuel Schalit stated the following:

“We respectfully disagree with the argument of the researcher that Dashlane or anyone else can really fix this. An attacker ends up having access to anything on the computer once the operating system or software is compromised, and there is no way to effectively avoid it. There are approaches that amount to ‘putting the details under the rug’ but any attacker sufficiently sophisticated to take control of the user’s device remotely would go around these solutions very quickly.”

LastPass CTO Sandor Palfy made the following statement:

“This specific weakness in LastPass for Applications is our legacy local Windows Application (which account is our current Windows Application); to read an application’s memory, an attacker would need local access and admin privileges to the compromised device. We have already introduced LastPass for Applications modifications designed to mitigate and minimize the risk of the potential attack described in the study. In order to mitigate the possibility of compromise when LastPass for Applications is in a locked state, LastPass for Applications will now shut down the program when the user logs out, clearing the memory and leaving nothing behind.”

Finally, a representative from KeePass said:

“For some operations, KeePass will unencrypt sensitive data in the process memory. For example, in order to display a password in Windows’ regular list view control, KeePass must provide the cell content (the password) as an unencrypted string (unless hiding using asterisks is enabled).”