Security: Password field is not encrypted and it is visible from the console
Reported by popcatal...@gmail.com, Sep 18
Issue description

When I type a password in the Gmail login screen, if I press F12, I am able to find the password text that I typed in the console. It does not matter if the password field is hidden or not. This can be a major vulnerability; passwords can be stolen.

Steps to reproduce:
1. Open gmail.com
2. Type user account and advance to the next screen
3. Type SECURITYVULNERABILITY in the password field - hidden characters
4. Press F12 and perform a search by SECURITYVULNERABILITY

Notice that the text is displayed without any encryption. The user is also able to expand divs and reach the password field text without performing a search.

I attached 2 screenshots. The first one is from Gmail and the second is from Yahoo mail where the password field text is not displayed in the console.

The issue is also reproducible in Incognito mode.

Verified on:
Microsoft Windows 10 Enterprise
Google Chrome 68.0.3440.106 (Official Build)
Dec 25
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rsesek@chromium.org, Sep 18
Status: WontFix (was: Unconfirmed)