I ran across an interesting article about some other well-known password managers out there, like 1Password, KeePass, DashLane & LastPass.
https://www.securityevaluators.com/casestudies/password-manager-hacking/
If that's too technical, read ZDNet's summary on this article:
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/
While I was pleased Enpass wasn't on the list, I suspect it might be due to lack of significant market s
Hi @Phylum,
Sorry for the late response. Let me assert that, severity of this kind of attack is low, given the nature of the permissions, attacker requires to exploit it. This attack is only possible on a compromised system where an arbitrary process can read other process' memory and process memory protection is operating system's responsibility. A password manager or another user-space process can't defend against such attacks.
However, we have taken some steps to mitigate this kind