Issue metadata
Sign in to add a comment
|
Security: bypass password-protect in mac-ox to access saved password
Reported by
sys....@gmail.com,
Aug 11 2016
|
||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS Normally we should type our computer's password to access the passwords saved by chrome. However.it can be bypassed. Follow the step: 1.chrome://settings/ 2.click "Show advanced settings..." at the bottom of the screen. 3.click "Manage passwords" below the "Passwords and forms" item. 4.move mouse to any item of the hided password in the "Password" window. 5.click the cipher password and click "Show" button. 6.mac ox alert "Google Chrome is trying to show passwords.Type your password to allow this" But if we open a webpage with saved password ,Chrome will autofill password. then we use "Inspect elements" and focus on the password elements. change the attributes of the 'input' from "type=password" to "type=text". The saved password will show plaintext password. so,we can easily and soundlessly access all of the current user's accounts password saved by Chrome if we use this logic issue and urls in step3 as long as we have the change to access user's computer. VERSION Chrome Version: 52.0.2743.116 (64-bit) Operating System: OS X EI Capitan Version 10.11.6
,
Nov 17 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by och...@chromium.org
, Aug 11 2016