To encourage users to use stronger and more secure pass-words, modern web browsers offer users password man-agement services, allowing users to save previously en-tered passwords locally onto their hard drives. We present Lupin, a tool that automatically extracts these saved pass-words without the user’s knowledge. Lupin allows a net-work adversary to obtain passwords as long as the login form appears on a non-HTTPS page. Unlike existing password sniffing tools, Lupin can obtain passwords for websites users are not visiting. Furthermore, Lupin can extract passwords embedded in login forms with a destina-tion address served in HTTPS. To determine the number of websites vulnerable to our attack, we crawled the top 45,000 most popular websites...
Using the internet can be a dangerous place when browsing multiple websites per day. About 80% of th...
Passwords are by far the most widely-used mechanism for authenticating users on the web, out-perform...
Although passwords are by far the most widely-used user authentication mechanism on the web, their s...
Passwords, particularly text-based, are the most common authentication mechanisms across all platfor...
We conduct a security analysis of five popular web-based password managers. Unlike “local ” password...
Copyright 2017 ACM. Login webpages are the entry points into sensitive parts of web applications, di...
Web servers that utilize password-based authentication have become large centralized password reposi...
Modern Web browsers do not provide sufficient protec-tion to prevent users from submitting their onl...
Textual passwords are still dominating the authentication of remote file sharing and website logins,...
The year 2016 has seen many reveals of successful attacks on user account databases; the most notabl...
Many Internet applications, for example e-commerce or email services require that users create a use...
Passwords are stored in the form of salted one-way hashes so that attacks on servers cannot leak the...
Web services heavily rely on passwords for user authentica-tion. To help users chose stronger passwo...
Copyright © 2015 ACM. Web services heavily rely on passwords for user authentication. To help users ...
In today’s world, taking secret word hash records and cracking the hash passwords has become extreme...
Using the internet can be a dangerous place when browsing multiple websites per day. About 80% of th...
Passwords are by far the most widely-used mechanism for authenticating users on the web, out-perform...
Although passwords are by far the most widely-used user authentication mechanism on the web, their s...
Passwords, particularly text-based, are the most common authentication mechanisms across all platfor...
We conduct a security analysis of five popular web-based password managers. Unlike “local ” password...
Copyright 2017 ACM. Login webpages are the entry points into sensitive parts of web applications, di...
Web servers that utilize password-based authentication have become large centralized password reposi...
Modern Web browsers do not provide sufficient protec-tion to prevent users from submitting their onl...
Textual passwords are still dominating the authentication of remote file sharing and website logins,...
The year 2016 has seen many reveals of successful attacks on user account databases; the most notabl...
Many Internet applications, for example e-commerce or email services require that users create a use...
Passwords are stored in the form of salted one-way hashes so that attacks on servers cannot leak the...
Web services heavily rely on passwords for user authentica-tion. To help users chose stronger passwo...
Copyright © 2015 ACM. Web services heavily rely on passwords for user authentication. To help users ...
In today’s world, taking secret word hash records and cracking the hash passwords has become extreme...
Using the internet can be a dangerous place when browsing multiple websites per day. About 80% of th...
Passwords are by far the most widely-used mechanism for authenticating users on the web, out-perform...
Although passwords are by far the most widely-used user authentication mechanism on the web, their s...