Issue 612113

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: May 2016
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security



Can see password in the Network

Reported by singhshi...@gmail.com, May 16 2016

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36

Steps to reproduce the problem:
1. Open the gmail login page
2. Right click and select "inspect Element"
3. Fill the username and password and hit enter
4. In the Network tab, hit the "stop recording network log"
5. You can still find ServiceLoginAuth file. (Timing matters)
6. ServiceLoginAuth file header contains the "Form data" field, where you can see the password in plain text

What is the expected behavior?
Password should be encrypted or hidden.

What went wrong?
Anybody can see the username and password if he/she gains access to header details in ServiceLoginAuth.

Did this work before? N/A 

Chrome version: 46.0.2490.86  Channel: n/a
OS Version: 14.04
Flash Version: Shockwave Flash 21.0 r0

You should use an encryption logic.
 
Screenshot from 2016-05-16 14:51:39.png
Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
This is not a security vulnerability. Please see https://www.chromium.org/Home/chromium-security/security-faq#TOC-What-about-unmasking-of-passwords-with-the-developer-tools- for an explanation.
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
