Security: Password of saved credentials can be visible from Developer's mode
Reported by
suptikan...@gmail.com,
Sep 8 2016
Issue description

VULNERABILITY DETAILS

When a user logs into any of the sites in the Chrome browser, the user is prompted to save the credentials by Google. If the user opts for saving them, then the next time the user visits that site, he/she does not have to provide the credentials. The user just has to click on the Login, Submit or Sign Up button. But in this scenario, if some other user is using the system, he/she can get the password details by going into the developer's mode. Usually, for the password field, the HTML input tag used has an attribute "type=password". If someone changes it to "type=text", then the password is clearly visible. Hence the user is vulnerable to sort of giving away his/her password to someone.

VERSION

Chrome Version: All versions of Chrome
Operating System: NA

REPRODUCTION CASE

1. Open Gmail
2. Log into your account
3. Google will prompt for save credentials options. Click on Yes to save the credentials.
4. Log out of Gmail
5. Again go to the Gmail page. You will find your credentials highlighted, with the password section showing * or dot symbols.
6. Right click on the password field and click on Inspect. Developer mode of the browser will open.
7. Change the input tag attribute, i.e., "type=password" to "type=text"
8. User's password will be visible

Attached is the screenshot for reference.
Comment 1 by wfh@chromium.org, Sep 8 2016

Status: WontFix (was: Unconfirmed)