When I log into my email account through a browser and open an email which exploits some vulnerability in my browser would it be possible for the attacker to take over my account? Passwords for full disk encryption are saved somewhere in the memory. I guess the same applies for browsers and passwords too but I'm not sure if user level access is enough to extract the password. Of course it would be possible to install a backdoor which logs the password on the next login, but suppose the attacker has only one shot to gather the password.
Asked
Active
Viewed 168 times
1 Answers
1
Yes, it is possible for an attacker to access your account.
Assuming your computer has been compromised, the attacker could easily gain access to your different accounts.
Different ways exist, such as retrieving the session cookies. Although they won't get your password, they could get directly logged in your account. (If you were already logged in.)
Other techniques includes grabbing the credentials stored in your browser, running a keylogger (as you mentioned), etc.
Yuriko
- 941
- 1
- 6
- 21