Severe flaws in password managers let hackers extract clear-text passwords