Security: Can change password input field to text input. Saved passwords will be displayed to user.
Reported by chris.ma...@wellcentive.com, Aug 31 2016

Issue description

VULNERABILITY DETAILS
If you have a saved password, you can go into Inspector Tools and change the input field type from "password" to "text" and the password is displayed. This could allow a user to surreptitiously gain access to other online services.

VERSION
Chrome Version: Version 51.0.2704.103 (64-bit)
Operating System: Mac OS X 10.10.5
I have seen this reproduced on Windows 10 machines as well and with many different versions of Chrome.

REPRODUCTION CASE
Steps to Reproduce:
1) Go to any site with login form
2) Enter your credentials and submit
3) Let Chrome save your password
4) Logout
5) Form should be automatically filled in by Chrome
6) Right click password input field and click "Inspect"
7) Change the input type from "password" to "text"
8) Password is displayed in plain text

Comment 1 by elawrence@chromium.org, Aug 31 2016
Status: WontFix (was: Unconfirmed)