Proton Pass Retains Passwords in Cleartext Form in Memory

[[correlate]]

Content source

https://restoreprivacy.com/proton-pass-retains-passwords-in-cleartext-form-in-memory/

The Proton Pass password manager follows the bad practice of keeping unencrypted usernames and passwords in the computer’s memory.
To make matters worse, this sensitive data is not wiped from the memory when the vault is locked post-login, making it susceptible to exfiltration by info-stealer malware or attackers with physical access to the target machine.

Proton Pass Retains Passwords in Memory

The Proton Pass password manager follows the bad practice of keeping unencrypted usernames and passwords in the computer's memory.

restoreprivacy.com

 

[ForgottenSeer 103564]

Proton Pass Retains Passwords in Memory

The Proton Pass password manager follows the bad practice of keeping unencrypted usernames and passwords in the computer's memory.

restoreprivacy.com

Hard to believe the good folks over at CERN and Proton AG would allow one of their applications to do something as such, but is a reminder of why i do not trust many password manager applications now days.

 

[lyldz]

I hope now they have a better understanding of how good a password manager 1password is.

 

[I Walk MY Way]

Proton Pass you bad boys, now go stand in the corner and think about what u did.....

 

[simmerskool]

what's the current version and has Proton fixed this memory security faux pas (pardon my French)

 

[Ink]

what's the current version and has Proton fixed this memory security faux pas (pardon my French)

No.

Proton_Team • 2 mo. ago • Edited 1 mo. ago

We have updated the pinned post above to give more information. The short version is that this is not actually a bug as it is normal behavior for all password managers.

Visit the Reddit link via Hot Take - Proton Pass response to unencrypted data in main memory