Issue metadata
Sign in to add a comment
|
Security: It's possible to see saved passwords in your browser without authentication
Reported by
krystian...@gmail.com,
Mar 19 2016
|
||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS It's possible to see saved passwords in your browser without authentication VERSION Chrome Version: [49.0.2623.87] + [stable] Operating System: [Windows 7, Home Premium, Service Pack 1] REPRODUCTION CASE Normally to see saved passwords we have to open chrome://settings/passwords and after clicking a button attached to password we have to type Window's user's password, but we can bypass this by using simple method: 1. Read the username and site's address. 2. Open a site 3. Type username in login input 4. Password should appear but still encrypted 5. Now to see a password as plain text we just have to change input type from password to text in the html editor and we see our saved password (It probably works on every site like Facebook.com or Gmail.com)
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by mea...@chromium.org
, Mar 20 2016Status: WontFix (was: Unconfirmed)