Issue metadata
Sign in to add a comment
|
Security: Being able to access Chrome Remote Desktop computers when the Chrome User's password was changed.
Reported by
oscar.bj...@gmail.com,
Nov 17 2016
|
||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS I was able to access a remote desktop computer through one of my chrome profiles even after the password of the chrome profile was changed. VERSION Chrome Version: 54.0.2840.98 + stable Operating System: OSX El Capitan (Version 10.11.6 (15G31) ) REPRODUCTION CASE Open REPRODUCEBUG.txt.
,
Nov 21 2016
,
Nov 21 2016
It's not clear what the problem is. Steps in REPRODUCEBUG.txt say the following: 6. Log into the new profile again. 7. Without logging in with the email, access the Chrome Remote Desktop app. These two steps contradict each other. The app is part of the chrome profile, so once you log in into the profile the app gets the new credentials as well. Tried reproducing the bug, and I see that password change is handled appropriately.
,
Nov 21 2016
oscar.bjure98: Can you please clarify the question in comment #3?
,
Nov 29 2016
Please re-open this if you have more information to provide. Otherwise, WontFixing for now. :)
,
Mar 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mea...@chromium.org
, Nov 18 2016Owner: sergeyu@chromium.org
Status: Assigned (was: Unconfirmed)