A Norwegian cybersecurity researcher recently spotted that passwords in Microsoft Edge are saved in memory in cleartext. Thus exposing all passwords to anyone that might wish to peek behind the curtain, providing they can gain access to the PC through other means, including a shared admin.
The researcher, Tom Jøran Sønstebyseter Rønning, says, "Edge is the only Chromium‑based browser I’ve tested that behaves this way."
When Rønning reported this to Microsoft, they were reportedly told this behaviour is "by design."
Rønning clarifies that Edge decrypts every credential at startup, regardless of whether you visit a site using those credentials. This doesn't mean that one can simply access those passwords with little know-how, though. A user needs administrative access to a terminal server, which is already a major breach on a computer, but from here, "they can access the memory of all logged‑on user processes."
Importantly, one could hav...
English (US)