
Issue 749712

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: Facebook Logs In with invalid password

Reported by bruno.sa...@gmail.com, Jul 27 2017

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug:
https://www.chromium.org/Home/chromium-security/security-faq

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

VERSION
Chrome Version: [59.0.3071.115] 
Operating System: Linux Mint 18 Cinnamon 64bit

REPRODUCTION CASE
I was navigating as Guest in Google Chrome and I logged in to Gmail with a wrong password.
In particular, I added a number after my password. After some tests, I noted that the same problem also occurs when adding a number before the password.


 
Note that the same problem occurs in the Facebook login process!
Summary: Security: Gmail Logs In with invalid password (was: Security: Gmail LogIn)
These would not represent a security bug in Chrome, but instead an issue with the sites in question.

Surprisingly, I can log into Facebook by prepending my password with a random digit. This is an intentional feature of Facebook login for certain environments (see e.g. https://pbs.twimg.com/media/C2dGvgvWEAAienm.jpg and https://video.adm.ntnu.no/pres/54b660049af94)

I cannot, however, log into Google accounts/Gmail with a prefix or suffix.
Labels: Needs-Feedback
Can you please try the GMail login again and confirm that you saw this on accounts.google.com and not just Facebook?
Status: WontFix (was: Unconfirmed)
Closing due to lack of feedback. (This isn't a Chrome issue either way.)
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 11 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Needs-Feedback
Summary: Security: Facebook Logs In with invalid password (was: Security: Gmail Logs In with invalid password)
