The cybersecurity researcher posted something about this on X yesterday.

aakl@infosec.exchange

The cybersecurity researcher posted something about this on X yesterday.

"Rønning clarifies that Edge decrypts every credential at startup, regardless of whether you visit a site using those credentials. This doesn't mean that one can simply access those passwords with little know-how, though. A user needs administrative access to a terminal server, which is already a major breach on a computer, but from here, "they can access the memory of all logged‑on user processes."

PC Gamer: Microsoft Edge saves passwords in cleartext 'by design' and researchers argue 'this turns into a credential harvest' on shared PCs https://www.pcgamer.com/hardware/microsoft-edge-saves-passwords-in-cleartext-by-design-and-researchers-argue-this-turns-into-a-credential-harvest-on-shared-pcs/ #Microsoft #infosec #Edge