All Passwords Exposed

Mr.F · September 2, 2020, 4:04pm

I use a tool called SIW (System Information for Windows–https://www.gtopala.com/). SIW is able to retrieve and display a list of all websites with passwords stored in Brave without any need for permission. This seems like a very serious security vulnerability.

I am at a loss to understand why passwords are so exposed so easily, and I am at a loss to know what to do about my own security in this situation. This must get fixed.

justsomeone1 · September 2, 2020, 4:20pm

Hello @Mr.F

just a silly question did you tried chrome

does it suffer from the same issue or is it just brave ?

thanks for sharing and answer in advance

Mr.F · September 2, 2020, 4:42pm

Thanks for the question. I actually haven’t used Chrome, so I don’t know.

macfanol · September 3, 2020, 3:59pm

@Mr.F Brave is based on Chrome, so you are using Chrome as long as you use Brave

Mattches · October 1, 2020, 4:13pm

@Mr.F,
Those claims also come along with the following caveats:

Passwords are not printed / saved in reports (Don’t ask why!).

SIW can only be used to recover the passwords for the current logged-on user on your local computer.

SIW only works if you chose the remember your password in one of the above programs.

SIW cannot extract Exchange passwords (live.com, hotmail.com, outlook.com, etc.).

You cannot use this utility for grabbing the passwords of other users.

Notice for Windows XP and Windows 2003 Server users: If your network has WPA encryption then the recovered password would be in 64 HEX digits BUT you can use these digits to connect to internet same as a password. This is not a bug. Windows XP can’t convert WPA back the original password. Windows Vista, Windows 7 and Windows 8 don’t have this issue. WEP passwords in Windows XP are recovered without a problem.

This is not something that is easily done either – you need this SIW tool installed on someones PC locally, then it needs to be run locally and all data saved. There are tons of software out there that will perform similar tasks.

Mr.F · October 1, 2020, 4:33pm

Hello, Mattches. Thank you for the explanation of SIW. My issue is with Brave, though, whose passwords are so easily extracted. I believe that they should be encrypted so that tools (like SIW) cannot retrieve them.

system · October 2, 2020, 4:05pm

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
Due to this security issue, I need to go back to firefox and chrome Desktop Support windows	6	400	June 25, 2021
I think my PC was hacked. After my antivirus detected a trojan, all saved passwords were erased from Brave's password manager. Is there a way I can recover the passwords? browser	3	334	August 31, 2023
Lost all passwords to window update but ive managed to recover Browser Support windows	4	922	July 15, 2023
Emergency LOST ALL MY PASSWORDS TODAY Browser Support windows	16	235	November 10, 2024
Lost my brave passwords ONLY after computer got taken to into shop Desktop Support windows	22	673	July 6, 2023
Salvaging browser history,login info etc from old files sync	2	377	November 12, 2022
All Saved Passwords Are Gone - Seeking Recovery Solution Browser Support windows	6	1321	July 26, 2021
Wanting better saved-password security with Brave's built-in manager Desktop Requests	4	1059	August 2, 2019

All Passwords Exposed

Related topics