Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigptybwr4lgx7ub55uxyzu5mxsxsbuzslwcickeekru6oaiecnudy",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mla7fnhe25n2"
  },
  "path": "/t/microsoft-edge-passwords-end-up-in-memory-as-plaintext/37691#post_1",
  "publishedAt": "2026-05-07T01:41:00.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "Microsoft Edge: Passwords end up in memory as plaintext",
    "Itavisen.no",
    "X Post",
    "[1]",
    "Extracting Clear-Text Credentials Directly From Chromium’s Memory",
    "↩︎"
  ],
  "textContent": "Microsoft Edge: Passwords end up in memory as plaintext\n\n> With the password manager enabled in Microsoft Edge, we created an account with the password “Klartext-PW-Test.” To view, retrieve, or change this data, Microsoft Edge requires authentication with Windows Hello. This makes the data appear well protected.\n>\n> For verification, we closed the browser and restarted Microsoft Edge. Edge then only displayed its start page. Now, a memory dump of the browser can be created using the Task Manager. Around 670 MB ended up on the drive. Inside, a simple search with a hex editor for “Klartext” returned the entire “Klartext-PW-Test” password – the password wasn’t even used yet, but it was in plaintext in memory.\n\n> This kind of handling of passwords in process memory has not been state-of-the-art for a long time. According to common security concepts, passwords should only be decrypted at the time of use and deleted from memory very shortly thereafter.\n\n> Itavisen.no reports that Rønning received a response from Microsoft regarding the vulnerability report, stating that it was a conscious design decision and intentional.\n\nAs mentioned in the above quotes and the original article, this appears to be an intentional design decision by Microsoft.\n\nYet another reason to avoid MS Edge.\n\nI’ll also link the X Post _(Twitter)_ [1] made by Rønning to discuss this discovery.\n\nInterestingly in that X thread, someone else mentioned that this might be the same as an issue which was discovered in chromium in 2022, linking to this article: Extracting Clear-Text Credentials Directly From Chromium’s Memory\n\nSo this might not be as interesting as it appeared at first glance, though I still believe it is worth sharing here.\n\n* * *\n\n  1. Which is also linked in the above article. ↩︎\n\n\n",
  "title": "Microsoft Edge: Passwords end up in memory as plaintext"
}