One thing to keep in mind about how these vaults work, is you often unlock them and then they stay unlocked for a short period of time, like 5 minutes. So if you do compromise a system and can detect when it is unlocked, you have a decent window to programmatically extract credentials.
That said, it requires that your system has already been completely owned, pretty much. At that point, it could potentially log keystrokes and clipboard, and get credentials, including your master password.
Right. If you have malware on your computer, you might as well assume that every part of the computer, and everything it can connect to, is compromised.
One thing to keep in mind about how these vaults work, is you often unlock them and then they stay unlocked for a short period of time, like 5 minutes. So if you do compromise a system and can detect when it is unlocked, you have a decent window to programmatically extract credentials.
That said, it requires that your system has already been completely owned, pretty much. At that point, it could potentially log keystrokes and clipboard, and get credentials, including your master password.
Right. If you have malware on your computer, you might as well assume that every part of the computer, and everything it can connect to, is compromised.