New issue
Advanced search Search tips

Issue 691914 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Able to see my gmail password when Network tab is opened to see the requests

Reported by thotakur...@gmail.com, Feb 14 2017 
VULNERABILITY DETAILS
I think exposure of password in network requests will be quite easy to identify a user's password. I have been thinking of this for a long time like how not show user's password in a network request. I thought of how google does but unfortunately, I am able to see my password in the network request. I am attaching my screenshot for reference. Probably I think some feature should be added so that password will be masked when sending a request.

VERSION
Chrome Version: 56.0.2924.87
Operating System: Windows 7

REPRODUCTION CASE
Just try logging into Gmail with Network tab opened and see a request called password. In that, you can see your own password without any masking

Comment 1 by elawrence@chromium.org, Feb 14 2017

Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
Yes, this is working as intended. This is just one of a nearly infinite number of ways in which you can "hack" yourself.

Please see https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model- for more details.

Sign in to add a comment