Issue metadata
Sign in to add a comment
|
Security: Unmask passwords with devtools
Reported by
hgilv...@gmail.com,
Sep 20 2017
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36 Steps to reproduce the problem: 1. Inspect in the browser on top of the textbox "Password" 2. Change HTML code to type "Text" as per attachment What is the expected behavior? Allow to view passwords stored in the browser in encrypted form and / or open the windows password request box before displaying the saved password. What went wrong? Allow to view saved passwords in browser without any kind of security. Because any malicious person with access to the machine will be able to view the saved passwords. Did this work before? No Chrome version: 61.0.3163.91 Channel: stable OS Version: 10.0 Flash Version:
,
Sep 20 2017
https://dev.chromium.org/Home/chromium-security/security-faq#TOC-What-about-unmasking-of-passwords-with-the-developer-tools-
,
Sep 20 2017
Please see https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#What-about-unmasking-of-passwords-with-the-developer-tools for an explanation of why this is not considered a security vulnerability.
,
Dec 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Sep 20 2017