this post was submitted on 06 May 2026
116 points (100.0% liked)

Technology

6725 readers
1200 users here now

Which posts fit here?

Any news that are at least tangentially connected to the technology, social media platforms, informational technologies or tech policy.

Post guidelines

[Opinion] prefixOpinion (op-ed) articles must use [Opinion] prefix before the title.

Rules

1. English onlyTitle and associated content has to be in English.
2. Use original linkPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communicationAll communication has to be respectful of differing opinions, viewpoints, and experiences.
4. InclusivityEveryone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacksAny kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangentsStay on topic. Keep it relevant.
7. Instance rules may applyIf something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.

Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip

Icon attribution | Banner attribution

If someone is interested in moderating this community, message @brikox@lemmy.zip.

founded 2 years ago
MODERATORS
BrikoX@lemmy.zip
116
Edge may reportedly leak all your passwords easily and Microsoft says it's "by design" (www.neowin.net)
submitted 4 days ago by BrikoX@lemmy.zip to c/technology@lemmy.zip
9 comments fedilink hide all child comments
 

Edge stores passwords in plaintext memory at startup; a tool has been released to test against the flaw.

you are viewing a single comment's thread
view the rest of the comments
[–] kogasa@programming.dev 17 points 4 days ago* (last edited 4 days ago) (1 children)

Seems like a pretty basic security precaution to avoid loading decrypted secrets into memory before they're needed. Someone who can access application memory can already own you but there isn't really a good reason why they should be able to access secrets that you never accessed while they were in.

I wouldn't say it's an alarming flaw, just seems weirdly and unnecessarily unsafe

[–] possiblylinux127@lemmy.zip 2 points 3 days ago (1 children)

At some point they will need to be decrypted anyway

I think this was done for performance and simplicity

[–] kogasa@programming.dev 2 points 3 days ago

Yep, and at that point they will be in memory until a reasonable time to clean up. But decrypting the whole password database and leaving it there forever seems needlessly unsafe.