Which Windows process would an attacker target to steal credentials from a user who logs into applications with a Password Manager?
Which Windows process would an attacker target to steal credentials from a user who logs into applications with a Password Manager?
An attacker would target the clipboard to steal credentials from a user who logs into applications with a Password Manager. Password managers frequently use the clipboard to copy and paste passwords. In Windows, any process has access to the clipboard data, allowing an attacker to retrieve and manipulate clipboard contents, including copied passwords.
Correct answer: A Although there have been vulnerabilities in many of the popular password managers, it is uncommon for a password manager to include a vulnerability that allows an attacker to circumvent the password storage mechanism. However, password managers share a single common vulnerability: The use of the clipboard. In both Windows and macOS, any other process has access to the clipboard data, including the ability to retrieve and manipulate the clipboard contents. Reference: 504.5 Evasive and Post-Exploitation Attacks p. 64