New issue
Advanced search Search tips

Issue 677756 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: ----



Sign in to add a comment

Password field

Reported by mekhilef...@gmail.com, Jan 1 2017

Issue description




PRIVACY ISSUE
   This privacy issue is about the password written in the password field. It can be displayed in characters instead of points AND the browser will remember the password the same way it remembers Email addresses and so on. That's, of course, only if the procedure mentioned in "REPRODUCTION STEPS" below is applied.

VERSION:
Chrome Version: 55.0.2883.87 m
Operating System: Windows 8 pro 64-bits

REPRODUCTION STEPS
1. Go to the password field (logging in) of any website.
2. Right mouse click on the password field.
3. Press "Inspect".
4. In the blue highlighted line, delete the expression "type="password"" or just the word "password".
5. Press "Enter".

   After applying this procedure, one can not only log in, but change the password and, in my humble opinion at least, that's a clear privacy violation.

   This privacy issue can be demonstrated using any social media website or any website that requires a password. Let's take https://twitter.com/ for an example.
 
chrome01.JPG
278 KB View Download
IMG_20170101_225808.jpg
986 KB View Download

Sign in to add a comment