Threat user password, WP8.1 version of IE has serious security vulnerabilities

Computer Store News: Windows Phone 8.1 default browser Internet Explorer has quite serious security vulnerabilities.

On web pages, the browser uses an asterisk to hide the password field —— for example, if the password is <;banter123”, enter the password in the password field, the browser will Show “* * * * * * * *”. If you copy and paste the password, the password will not be displayed and it will still display “* * * * * * * *”.

However, a Windows Phone user has discovered a serious security vulnerability in IE in this regard. If you enter the password in the password box, select the asterisk password and then use the search key to search for the selected content, the system will automatically open the Bing search or Cortana to directly search for the text password previously entered by the user instead of the asterisk.

Of course, for many users, this is not a major security issue, but the password that WP8.1 users save through IE is equivalent to being in a completely transparent state, as long as someone To get the WP user's password, just use the user's mobile phone to open some IE web pages, copy the pre-stored password and search directly.

If you want to test your Windows Phone 8.1 for security flaws, please follow the steps below:

Enter a password in the password field of the web page

Select this Segment passwords and search

You will find passwords appearing

It is worth mentioning that Microsoft has fixed this problem in Windows 10 Phone. However, we are not sure if Microsoft will solve the same problem for Windows Phone 8.1 users.