New issue
Advanced search Search tips

Issue 763625 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Sep 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Bug with multiple credentials

Reported by fayazdi...@gmail.com, Sep 9 2017

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

I have two gmail accounts with the same password. If I use account A to login where it says email I can then select account B's password from the drop down box and it will allow me to log in and vice versa. An account can potentially be logged into if you have the same password.

VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev]
Operating System: [Please indicate OS, version, and service pack level]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]

 
Components: UI>Browser>Passwords
Labels: Needs-Feedback
Summary: Security: Bug with multiple credentials (was: Security: Bug)
It is expected behavior that if you have the username and password for an account, you can log into that account.

Can you please explain, step-by-step, the set of actions that leads to a behavior that is surprising?
Status: WontFix (was: Unconfirmed)
Sounds like this is referring to chrome's password manager.  It is indeed WAI, since you can select which account to use for the password-filling.
Project Member

Comment 3 by sheriffbot@chromium.org, Dec 19 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment