Issue metadata
Sign in to add a comment
|
Can see password in the Network
Reported by
singhshi...@gmail.com,
May 16 2016
|
||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36 Steps to reproduce the problem: 1. Open the gmail login page 2. Right click and select "inspect Element" 3. Fill the username and password and hit enter 4. In the Netowrk tab, hit the "stop recording network log" 5. You can still find ServiceLoginAuth file. (Timing matters) 6. ServiceLoginAuth file header contain the "Form data field where you can see the password in plain text What is the expected behavior? password should be encrypted or hidden. What went wrong? Anybody can see the username and password if he/she gains access to header details in ServiceLoginAuth. Did this work before? N/A Chrome version: 46.0.2490.86 Channel: n/a OS Version: 14.04 Flash Version: Shockwave Flash 21.0 r0 You should use an encryption logic.
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by elawrence@chromium.org
, May 16 2016Status: WontFix (was: Unconfirmed)