Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk

Summary

A proof-of-concept exploit demonstrates that Microsoft Edge stores user passwords in process memory, allowing an attacker with administrative privileges to extract and steal them. The vulnerability poses a significant risk to enterprise environments where password security is critical. The flaw enables lateral movement and further malicious activity once credentials are compromised.

Indicators of Compromise

• malware — Edge memory password extractor (PoC)

Entities