Summary
Microsoft Edge stores all saved passwords in cleartext within process memory upon startup, a behavior Microsoft describes as 'by design' despite the risk of credential harvesting in shared environments like terminal servers.
Take Action:
Stop using the built-in browser password manager for sensitive corporate accounts and switch to a dedicated password managers. Especially for Edge. Microsoft considers this cleartext memory storage a feature, so your only protection is to disable the browser's password saving functionality entirely.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)