All Passwords Exposed

Feedback
#1

I use a tool called SIW (System Information for Windows–https://www.gtopala.com/). SIW is able to retrieve and display a list of all websites with passwords stored in Brave without any need for permission. This seems like a very serious security vulnerability.

I am at a loss to understand why passwords are so exposed so easily, and I am at a loss to know what to do about my own security in this situation. This must get fixed.

Remove everything about me
#2

Hello @Mr.F

just a silly question did you tried chrome

does it suffer from the same issue or is it just brave ?

thanks for sharing and answer in advance

#3

Thanks for the question. I actually haven’t used Chrome, so I don’t know.

#4

@Mr.F Brave is based on Chrome, so you are using Chrome as long as you use Brave

#5

@Mr.F,
Those claims also come along with the following caveats:

  1. Passwords are not printed / saved in reports (Don’t ask why!).
  2. SIW can only be used to recover the passwords for the current logged-on user on your local computer.
  3. SIW only works if you chose the remember your password in one of the above programs.
  4. SIW cannot extract Exchange passwords (live.com, hotmail.com, outlook.com, etc.).
  5. You cannot use this utility for grabbing the passwords of other users.
  6. Notice for Windows XP and Windows 2003 Server users: If your network has WPA encryption then the recovered password would be in 64 HEX digits BUT you can use these digits to connect to internet same as a password. This is not a bug. Windows XP can’t convert WPA back the original password. Windows Vista, Windows 7 and Windows 8 don’t have this issue. WEP passwords in Windows XP are recovered without a problem.

This is not something that is easily done either – you need this SIW tool installed on someones PC locally, then it needs to be run locally and all data saved. There are tons of software out there that will perform similar tasks.

1 Like
#6

Hello, Mattches. Thank you for the explanation of SIW. My issue is with Brave, though, whose passwords are so easily extracted. I believe that they should be encrypted so that tools (like SIW) cannot retrieve them.

#7

This topic was automatically closed after 30 days. New replies are no longer allowed.