{"id":16177,"date":"2026-05-05T20:01:21","date_gmt":"2026-05-05T20:01:21","guid":{"rendered":"https:\/\/newestek.com\/?p=16177"},"modified":"2026-05-05T20:01:21","modified_gmt":"2026-05-05T20:01:21","slug":"edge-browser-leaves-passwords-exposed-in-plain-text-says-researcher","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16177","title":{"rendered":"Edge browser leaves passwords exposed in plain text, says researcher"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

A Norwegian researcher has identified an issue with Microsoft Edge\u2019s Password Manager that could be a serious concern for businesses.<\/p>\n

Tom J\u00f8ran S\u00f8nstebyseter R\u00f8nning<\/a> found that passwords are being saved within the browser in plain text, with the effect that any PC, particularly a shared machine, within an organization is a potential risk.<\/p>\n

In a post on X<\/a>, R\u00f8nning\u00a0explained that when users save passwords in Edge, the browser decrypts every credential at startup and keeps it resident in process memory, regardless of whether the user visits the site.<\/p>\n

R\u00f8nning\u2019s finding was replicated by German IT publication Heise.de<\/a>, which created and saved a password and found that, even after the browser had been closed and re-opened, the password could be found in plain text.<\/p>\n

Microsoft has been nonchalant about the discovery. Norwegian website Itavisen.no<\/a> said, \u201cR\u00f8nning reported the discovery to Microsoft, and according to the company, the behavior is \u2018by design\u2019.\u201d<\/p>\n

Itavisen.no further said that R\u00f8nning plans to publish a simple tool on GitHub that allows people to see for themselves that passwords are stored in plain text in memory.<\/p>\n

Microsoft did not respond to a request for comment.<\/p>\n

David Shipley<\/a>, CEO of Beauceron Security, is not impressed with Microsoft\u2019s response. \u201cNo, it\u2019s not a feature. That\u2019s an easy way to cop out of responsibility. It\u2019s almost as bad as when firms say \u2018working as designed.\u2019 The point here, as with similar shortcomings, is convenience, speed, and avoiding investing more effort into something that they feel isn\u2019t worth mitigating,\u201d he said.<\/p>\n

The bug is an open invitation to cyber criminals, said Shipley. \u201cThe old argument is that if malware gains persistence then it doesn\u2019t make a difference, you\u2019re in trouble anyway. It\u2019s waving the white flag at cybercriminals and turning that white flag into a blank check for info stealers.\u201d<\/p>\n

Other browsers don\u2019t suffer from the issue. For example, Google Chrome, in line with security industry recommendations, offers a system called App Bound Encryption that encrypts browser data and ensures that it is not stored in process memory in plain text.<\/p>\n

It is not a foolproof system; it has been broken in the past,<\/a> but by determined hackers. The Microsoft bug, on the other hand, requires little skill to exploit.<\/p>\n

Shipley said that if Google can do a better job of securing its browser, there is no reason why Microsoft couldn\u2019t do so with Edge. \u201cIt\u2019s clearly not a technical hurdle. It\u2019s a motivational one, which shouldn\u2019t surprise anyone because Microsoft is giving away the browser. You don\u2019t pay for it, so why should they care about locking it down more than the bare minimum?\u201c<\/p>\n

Given Microsoft\u2019s attitude, users may well want to look for another password manager, something that would be more secure.<\/p>\n

This article originally appeared on Computerworld<\/a>.<\/em><\/p>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

A Norwegian researcher has identified an issue with Microsoft Edge\u2019s Password Manager that could be a serious concern for businesses. Tom J\u00f8ran S\u00f8nstebyseter R\u00f8nning found that passwords are being saved within the browser in plain text, with the effect that any PC, particularly a shared machine, within an organization is a potential risk. In a post on X, R\u00f8nning\u00a0explained that when users save passwords in… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16177","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16177"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16177\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}