May 11, 2021

Does RAM store your credentials in plaintext?

Home Forums Does RAM store your credentials in plaintext?

This topic contains 1 reply, has 2 voices, and was last updated by  SweeTLemonS_TPR 2 weeks, 4 days ago.

  • Author
    Posts
  • #386024

    anonymous
    Participant

    If you were to take an image of a machine including the RAM does it have the credentials you can use to later log into the machine.

    When I had my IT forensics course, nothing like that was ever mentioned. However, while studying for CompTIA Security+ it mentioned something along those lines while covering network security.

    Am I misunderstanding what was being referred to? (I am asking, because I can’t find that part now)

  • #386026

    NullFigga

    Although this has already been answered by another user, but for additional context, do look at Heartbleed bug of OpenSSL. The entire vulnerability was based upon acquisition of data from the RAM (via buffer overread) without any trace. And the bug is pretty easy to understand too.

  • #386027

    FullContactHack

    Yes. At some point it has to match what you originally set.

  • #386025

    SweeTLemonS_TPR

    From the sounds of it, yes, at least sometimes. https://www.sciencedirect.com/science/article/abs/pii/S1355030620300137

    > Through an examination of logins made to 15 popular online services carried out via the Chrome, Edge and Mozilla Firefox browsers, testing shows that plain-text credentials are present in RAM in every case.

You must be logged in to reply to this topic.