New issue
Advanced search Search tips

Issue 595131 link

Starred by 1 user
Status: Duplicate
Merged: issue 108716
Owner: ----
Closed: Mar 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Source code update

Reported by sydneigo...@gmail.com, Mar 15 2016 
VULNERABILITY DETAILS
O problema ocorre ao acessar uma página de autenticação com os dados de acesso recuperados pelo Chrome

VERSION
Chrome Version: Versão 48.0.2564.116 (64-bit) stable
Operating System: OS ElCapitan 10.11.2

REPRODUCTION CASE
Ao carregar a página de acesso, por exemplo, a um Painel de Controle de gerenciamento de sites, são solicitados os dados de autenticação. Ao acessar os navegadores oferecem a possibilidade de gravar os dados de acesso para futuras autenticação.

Com esses dados carregados e pronto para o acesso, clico com o botão direito do mouse sobre o campo de senha e seleciono a opção inspecionar.

Ao exibir o código fonte da página temos a opção de alterar os parâmetros de qualquer conteúdo da página, inclusive o tipo de campo de password para text.

Dessa forma o conteúdo do campo, a senha, será exibido.

Favor informar se esse conteúdo está selecionado para receber o prêmio de US$ 100mil da descoberta de falhas no Chrome conforme link abaixo.

http://www.24horasnews.com.br/noticias/ver/google-pagara-us-100-mil-para-quem-achar-falhas-no-chrome.html

Comment 1 by mea...@chromium.org, Mar 16 2016

Mergedinto: 108716
Status: Duplicate (was: Unconfirmed)
Translation:
"VULNERABILITY DETAILS
The problem occurs when accessing an authentication page with access data retrieved by Chrome

VERSION
Chrome Version: 48.0.2564.116 version (64-bit) stable
Operating System: OS ElCapitan 10.11.2

REPRODUCTION CASE
Loading access page, for example, the Control Panel of site management, authentication data is requested. By accessing the browsers offer the possibility to record the access data for future authentication.

With these loaded and ready for data access, right-click on the Password field and select the preview option.

When viewing the page source code have the option to change the parameters of any page content, including the type of password to text field.

Thus the contents of the field, the password will be displayed.

Please indicate whether this content is selected to receive the US $ 100mil award of fault finding in Chrome as link below.

http://www.24horasnews.com.br/noticias/ver/google-pagara-us-100-mil-para-quem-achar-falhas-no-chrome.html"

sydneigomes@: I believe what you are reporting is  bug 108716 , merging into it.
Project Member

Comment 2 by sheriffbot@chromium.org, Jun 22 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 1 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by sheriffbot@chromium.org, Oct 2 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Sign in to add a comment