New issue
Advanced search Search tips

Issue 609439 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: May 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Problem with the registered password

Reported by xoox.ash...@gmail.com, May 5 2016

Issue description

In french:

Bonjour , Je viens par courrier vous informer d'un problème de sécurité avec les mots de passe enregistrés , les pièces jointes <<sans titre 2 et 3>> vous montrerons qu'il est possible de voir le mots de passe caché en effectuant quelques bidouillages . en effet en effaçant "password" dans l'inspection du code source de la page,  on peu voir le mot de passe enregistré par l'utilisateur et ce, peu importe le site sur lequel j'ai enregistré mon mot de passe.



In english:

Hello, I just mail informing you of a security issue with saved passwords, attachments <<Untitled 2 and 3>> will show that it is possible to see the passwords hidden by doing some hacks. Indeed erasing "password" in the inspection of the source code of the page, we just see the password registered by the user, regardless of the site on which I recorded my password.

Thank You
 

Comment 1 by f...@chromium.org, May 6 2016

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
Thanks for the report!

The password dots are meant as a convenience (to prevent shoulder-surfing), not as a security feature. It's expected that you should be able to see your password in DevTools. You can check out our FAQ to learn more: http://www.chromium.org/Home/chromium-security/security-faq#TOC-What-about-unmasking-of-passwords-with-the-developer-tools-

P.S. I've deleted the images, but if that was your actual password you might want to change it now.
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic

Sign in to add a comment