"Vulns in Android WebView, Password Managers Can Leak User Credentials"

Researchers have shown that most popular password managers can leak credentials from Android devices when using the mobile operating system's WebView autofill function with malicious apps. Ankit Gangwal of the International Institute of Information Technology (IIIT) demonstrated how mobile apps that use WebView controls can leak passwords from many password managers. In a paper, Gangwal and his students Shubham Singh and Abhijeet Srivastava detail the "AutoSpill" credential-leaking vulnerability. According to Gangwal, he and his team discovered that the top ten password managers are vulnerable to AutoSpill. This article continues to discuss the AutoSpill credential-leaking vulnerability. 

Dark Reading reports "Vulns in Android WebView, Password Managers Can Leak User Credentials"

Submitted by grigby1

Submitted by grigby1 CPVI on