Browser add-on vulnerability - potential clickjacking

Hi Everybody,

At this year’s DEFCON 33, Marek Toth demonstrated how browser add-ons for various password managers can be manipulated to intercept passwords and TOTPs.
Since the list actually includes many different manufacturers, I wonder whether Netwrix is also affected?
He examined the following password manager manufacturers because they appeared in a list published by uk.PCMag.com entitled “The Best Password Managers for 2025.”

I read an article about this on Heise-Online (a German tech news site).

https://www.heise.de/news/Passwort-Manager-Browser-Erweiterungen-koennen-Datenklau-ermoeglichen-10569024.html

Translated with DeepL.com (free version)

4 Likes

Hi Giuseppe - thanks for bringing this up, it’s a great question, and I can imagine others here are wondering the same.

We’ve reviewed the disclosure with our application security team and can confirm that Netwrix Password Secure is not affected by the clickjacking vulnerabilities shown at DEFCON. :+1:

Here’s why:

  • Password Secure doesn’t use in-page password selection elements that could be exploited in this way.

  • Our browser extension is also properly configured to prevent unauthorized access to its internals.

You can continue using it with confidence. Of course, we keep up our own research and will respond to potential vulnerabilities with updates and advisories.

And of course, if you (or anyone else) have more questions about this, feel free to ask here in the community — we’re always happy to clarify.

Cheers,
Sascha

2 Likes
