you can find pasword using htm file
Reported by
budnik...@gmail.com,
Nov 6 2017
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Steps to reproduce the problem: 1. pres f12 2. if password is saved select password box 3. changed type="password" to type= "text" in html file 4. now you can see password as a string instead of dots What is the expected behavior? you can look up someones saved password in html source code using opera chrome or mozila What went wrong? my password is very well known now ;) Did this work before? N/A Chrome version: 61.0.3163.100 Channel: n/a OS Version: 10.0 Flash Version: I would like to know if you are wiling to fix, and if you can please contact me, thank you.
,
Nov 7 2017
I'm very new to Chromium, so I don't know for sure, but I doubt this will be fixed. There is only a certain amount of protection that a client can provide against a compromised machine, and consequently, preventing tricks like this only provides a false sense of security. It'd be super easy to work around even if this were to get patched; for example, some JavaScript could be run in the console to get the value of the input field.
,
Nov 8 2017
,
Nov 16 2017
Considering the above issue as feature request and marking it as untriaged. Thanks
,
Dec 27 2017
HTML's <input type="password"> doesn't guarantee any security like this. By using developer tools (or extension) you can do whatever like this. |
||||
►
Sign in to add a comment |
||||
Comment 1 by ligim...@chromium.org
, Nov 6 2017