Issue 686158 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jan 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security

Security: Ability to change type of data on password field

Reported by tats...@gmail.com, Jan 27 2017

Issue description

In dev tools anybody can find <input> where user saved his password. This input type can be changed from password to text and saved password will be visible.
Also hackers may write extension which will change type of this form and collect password of users.
I think it should be fixed.
Example with your email login form attached.

	password.png 309 KB View Download

Comment 1 by elawrence@chromium.org, Jan 27 2017

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)

Please see https://www.chromium.org/Home/chromium-security/security-faq#TOC-What-about-unmasking-of-passwords-with-the-developer-tools- and https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model- for details on why this is not a security vulnerability.

►

Issue 686158 link

Issue metadata

Security: Ability to change type of data on password field

Issue description

Comment 1 by elawrence@chromium.org, Jan 27 2017

Comment 1 Deleted

Sign in to add a comment