Document Type
Event
Start Date
23-4-2023 5:00 PM
Description
Our capstone project objective is to analyze the cybersecurity framework of popular password managers. The purpose of this project is to research vulnerabilities of the selected password managers and explore possible exploit opportunities for each of them. We chose to analyze five of the most popular password managers on the market: 1Password, BitWarden, LastPass, Google Chrome, and Firefox. We researched their known vulnerabilities and determined we would focus on Bitwarden’s PIN feature, Google Chrome, and Firefox. Upon further research, we were unable to successfully brute force Bitwarden or its PIN feature. If the PIN is enabled, it can be attempted five times before locking the user out and requiring the full master password to be entered, at which point the PIN feature would need to be enabled again. We then shifted focus to Google Chrome and were able to successfully decrypt the local Login Data file that contains user passwords using a password recovery tool named ChromePass. We attempted to use a similar password recovery tool to decrypt the local passwords file for Firefox, however it was unsuccessful due to the tool being flagged as a threat by Microsoft Defender antivirus. Overall, we would consider our capstone a success, seeing as we were able to exploit Google Chrome.
UC-339 Cybersecurity Analysis of Password Managers
Our capstone project objective is to analyze the cybersecurity framework of popular password managers. The purpose of this project is to research vulnerabilities of the selected password managers and explore possible exploit opportunities for each of them. We chose to analyze five of the most popular password managers on the market: 1Password, BitWarden, LastPass, Google Chrome, and Firefox. We researched their known vulnerabilities and determined we would focus on Bitwarden’s PIN feature, Google Chrome, and Firefox. Upon further research, we were unable to successfully brute force Bitwarden or its PIN feature. If the PIN is enabled, it can be attempted five times before locking the user out and requiring the full master password to be entered, at which point the PIN feature would need to be enabled again. We then shifted focus to Google Chrome and were able to successfully decrypt the local Login Data file that contains user passwords using a password recovery tool named ChromePass. We attempted to use a similar password recovery tool to decrypt the local passwords file for Firefox, however it was unsuccessful due to the tool being flagged as a threat by Microsoft Defender antivirus. Overall, we would consider our capstone a success, seeing as we were able to exploit Google Chrome.