Password field
Reported by
mekhilef...@gmail.com,
Jan 1 2017
|
|
Issue descriptionPRIVACY ISSUE This privacy issue is about the password written in the password field. It can be displayed in characters instead of points AND the browser will remember the password the same way it remembers Email addresses and so on. That's, of course, only if the procedure mentioned in "REPRODUCTION STEPS" below is applied. VERSION: Chrome Version: 55.0.2883.87 m Operating System: Windows 8 pro 64-bits REPRODUCTION STEPS 1. Go to the password field (logging in) of any website. 2. Right mouse click on the password field. 3. Press "Inspect". 4. In the blue highlighted line, delete the expression "type="password"" or just the word "password". 5. Press "Enter". After applying this procedure, one can not only log in, but change the password and, in my humble opinion at least, that's a clear privacy violation. This privacy issue can be demonstrated using any social media website or any website that requires a password. Let's take https://twitter.com/ for an example. |
|
►
Sign in to add a comment |
|
Comment 1 by battre@chromium.org
, Jan 2 2017