Password crack can be done using right click if user remembers password in browser
Reported by saip...@gmail.com, Jul 11 2016
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Steps to reproduce the problem:
Password crack that can be done just by a right click of a mouse on Google Chrome Browser

Most of the users have a tendency to remember password for most of their application on their desktop or a laptop. The following steps would help a hacker to get the password of all the applications, irrespective of having a two factor authentication in place if the hacker can get hold of an unlocked system or a system whose master login password has been compromised.

1. Type in any of the application (Ex. Gmail in our scenario)
2. Type in the username and password.
3. Click on the remember password checkbox.
4. Perform 2 factor authentication
5. Login to the application.
   a. Perform some activity (not mandatory)
6. Logout from the application
7. Now Right click on the browser area
8. Select “inspect” or ”F12”
9. Select an element page
10. Select the required text field you want to make it visible (Here in our example it is Gmail password)
11. Change the input field [ type=”password” ] and change it to [ type=”show” ]
12. The password is instantly visible in the password field.

Other Browsers:
IE and Mozilla have a similar issue. But when ICICI banking application is used in IE, the password does not populate in the password field (though it gets updated in the source code input field = “value”).

Can this be addressed to make Google Chrome a secure browser????

What is the expected behavior?
browser should not reveal password details or disable right click and keyboard short cut can also be disabled

What went wrong?
Password crack that can be done just by a right click of a mouse on Google Chrome Browser
information security breach might happen

Did this work before? No

Chrome version: 51.0.2704.103 Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 22.0 r0

Please feel free to revert for any further inputs from my end.

Jul 13 2016
Even though it is a security breach, right, why is Chrome not taking care of it?

Oct 19 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by palmer@chromium.org, Jul 13 2016