New issue
Advanced search Search tips

Issue 756080 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2017
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug-Security



Sign in to add a comment

Raw password stored in browser

Reported by snehashi...@gmail.com, Aug 16 2017 
Steps to reproduce the problem:
1. Open firefox
2. Access gmail
3. Give mail id
4. Give password
5. Press F12
6. Go to network tab
7. Check parameters value

What is the expected behavior?
Raw password is stored in browser instead of encrypted. I can run the page with disabled JavaScript as well.

What went wrong?
I think sensetive data like password should be encrypted .

Did this work before? N/A 

Chrome version: 50.0.2661.89  Channel: n/a
OS Version: 
Flash Version:
Gmail.PNG
74.9 KB View Download

Comment 1 by snehashi...@gmail.com, Aug 16 2017 

It seems its a bug . When we filled password field and submit it if it's stored in browser raw data instead of encryption at client side malicious code can hack the raw password . Even I'm not sure it's just my point of view . I have noticed and like to highlight you .

Comment 2 by tsepez@chromium.org, Aug 16 2017

Status: WontFix (was: Unconfirmed)
Thanks for your report.  This is the most frequently reported misunderstanding of the browser security model.  See https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#What-about-unmasking-of-passwords-with-the-developer-tools
Project Member

Comment 3 by sheriffbot@chromium.org, Nov 23 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment