I ended up here after googling for Remembear security and couldn't find much else. I did extensive research and did like Remembear the most but I also wanted to make sure their security was good too. you login to the app and you're logged in to all the different browser extensions regardless of the browser window. You have a great blog! I'm a long time user of LastPass and wanted to switch to a different manager that's app based as I switch from browser way too often and wanted a solution that was centrally managed from an app.
![remembear login remembear login](https://www.cloudwards.net/wp-content/uploads/2020/01/remembear-application.png)
: RememBear updates Firefox extension as well.macOS application is supposed to follow a week later.
Remembear login windows#
![remembear login remembear login](https://loginlockdown.com/wp-content/uploads/2019/08/remembear-generate-password.png)
Remembear login how to#
It wouldn’t know how to deal with “unusual” URL schemes, so for data:text/html,foo/:// or about:blank#:// it would return as the host name. There was one more issue: the function hostFromString() used to extract host name from URL when saving passwords was using a custom URL parser. But at least there will be some warning flags for the user along the way…
Remembear login password#
And will be able to retrieve the password later if the user triggers AutoFill functionality on their site. But instead of saving that password for it will store it for. So if in Chrome embeds a frame from and the user logs into the latter, RememBear will offer to save the password. While AutoFill doesn’t use window.getOriginUrl(), saving passwords does. It contains the list of origins for parent frames, so this function will return the origin of the parent frame if there is any – the URL of the current document is completely ignored. IsRememBearWebsite () ĭon’t know what does? I didn’t know either, it being a barely documented Chrome/Safari feature which undermines referrer policy protection. The following function was responsible for recognizing privileged websites: In case of RememBear, things turned out to be easier however.
![remembear login remembear login](https://is5-ssl.mzstatic.com/image/thumb/Purple113/v4/74/12/47/741247f5-e1e2-1a74-7bd5-c8a6fcaa1b07/source/200x200bb.jpg)
via an all too common XSS vulnerability) will give attackers access to this functionality. This is generally an issue, because compromising this website (e.g.
![remembear login remembear login](https://img.creativemark.co.uk/uploads/images/330/18330/img3File.png)
Password managers will often give special powers to “their” website. I also couldn’t fail noticing a bogus security mechanism, something that I already wrote about. Security-wise the tool doesn’t appear to be as advanced however, and I quickly found six issues (severity varies) which have all been fixed since. Technically, it is very similar to its competitor 1Password, to the point that the developers are being accused of plagiarism. And occasionally I’ll take a closer look at the tool, which is what I did with the RememBear password manager in April. Whenever I write about security issues in some password manager, people will ask what I’m thinking about their tool of choice.