Uncovering security bugs by chance with password generators
Password Managers as Ethical Hacking Tools
TL;DR: Security bugs often reveal themselves when you input a new password on a website. Password generators are security fuzzers.
If you are like me and millions of other users, you probably rely on a password generator when creating accounts on new platforms, such as school websites. These password generators are built into browsers, operating systems, or standalone applications like Chrome, Safari, and KeePass. They typically generate strings using a mix of alphanumeric and other characters available directly on your keyboard. However, problems arise if the website doesn't handle these strings properly. When this occurs, it's possible you've stumbled upon a common code injection bug.
Fuzzers are standard tools used in security and quality assurance for finding injection bugs. Password generators could well fall into this category. If you frequently use password generators for new websites, you may occasionally find that the password created during account setup can't be used for login. This anomaly is a golden find for security researchers. Even if you're not an ethical hacker by profession, you can contribute to digital security: take a moment to send a bug report to the website whenever this happens.
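The signup-works-but-login-fails anomaly described above can be turned into a round-trip test that site owners run against their own code. This is an added example, not code from the original post: `BuggySite`, `FixedSite` and `roundtrip_failures` are hypothetical names, and the bug shown (signup HTML-escapes the password, login does not) is one assumed cause of the symptom.

```python
import hashlib, hmac, html, secrets, string

# Characters a typical generator draws from (constructed for this example).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=20):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _hash(password, salt):
    # Iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class BuggySite:
    """Hypothetical site: signup HTML-escapes the password, login does not."""
    def __init__(self):
        self.users = {}

    def signup(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _hash(html.escape(password), salt))

    def login(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, _hash(password, salt))

class FixedSite(BuggySite):
    """Same site, but the password is hashed exactly as typed on both paths."""
    def signup(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _hash(password, salt))

def roundtrip_failures(site, passwords):
    """Return the passwords that signup accepts but login then rejects."""
    failures = []
    for i, pw in enumerate(passwords):
        site.signup(f"user{i}", pw)
        if not site.login(f"user{i}", pw):
            failures.append(pw)
    return failures

# Constructed sample passwords: two contain characters that html.escape rewrites.
SAMPLES = ["correcthorsebattery", "a<b>c&d", 'quote"and\'tick', "semi;colon--dash"]

if __name__ == "__main__":
    passwords = SAMPLES + [generate_password() for _ in range(50)]
    print("buggy:", roundtrip_failures(BuggySite(), passwords)[:5])
    print("fixed:", roundtrip_failures(FixedSite(), passwords))
```

Any password returned by `roundtrip_failures` points to a place where the input is transformed on one path but not the other, which is worth fixing before a user's password generator finds it.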
Thanks Magnet.