
Issue 844326


Issue metadata

Status: Duplicate
Merged: issue 126398
Owner: ----
Closed: May 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security




Getting site passwords from saved passwords without using Windows password

Reported by janne.artama@visma.com, May 18 2018

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36

Steps to reproduce the problem:
1. Use saved passwords or a password manager, i.e. LastPass
2. Developer tools
3. Go to a page for which you have a password stored in LastPass
4. Let LastPass/onepass/Chrome fill in the password
5. Select the password field with developer tools
6. In the input, replace type="password" with something else
7. It will show you the password

What is the expected behavior?
This will let you see the passwords stored in password vaults and the browser without a password

What went wrong?
This makes the use of password vaults and stored passwords useless because anybody can get their hands on that site's password

Did this work before? N/A 

Chrome version: 66.0.3359.139  Channel: n/a
OS Version: 10.0
Flash Version:
 
Project Member

Comment 2 by sheriffbot@chromium.org, Aug 24

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
