New issue
Advanced search Search tips

Issue 889780 link

Starred by 2 users
Status: Assigned
Owner:
dvadym@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Password value logged in console when autocomplete attribute is missing

Reported by goel.pra...@gmail.com, Sep 27 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce the problem:
1. Visit a webpage having a secure password field missing the autocomplete attribute.
2. If your credentials are already saved, they should be auto-populated
3. The console shows a message to add autocomplete attribute with the HTML element along with the password value

What is the expected behavior?
The value of password field should not be logged

What went wrong?
Console shows the secure field values and this allows the confidential data to be compromised

Did this work before? N/A 

Chrome version: 69.0.3497.100  Channel: stable
OS Version: 10.0
Flash Version:
chrome-password.PNG
19.0 KB View Download

Comment 1 by goel.pra...@gmail.com, Sep 27 

Attached incorrect file.
Here is the correct one.
chrome-password.PNG
19.5 KB View Download

Comment 2 by vamshi.kommuri@chromium.org, Sep 27

Labels: Needs-Triage-M69

Comment 3 by caseq@chromium.org, Sep 28

Components: -Platform>DevTools UI>Browser>Autofill

Comment 4 by se...@chromium.org, Sep 28

Components: -UI>Browser>Autofill UI>Browser>Passwords

Comment 5 by battre@chromium.org, Oct 1

Owner: vasi...@chromium.org
Status: Assigned (was: Unconfirmed)
Vasilii, I guess you are most familiar with the code?

Comment 6 by vasi...@chromium.org, Oct 1

Owner: dvadym@chromium.org
This is what Vadym's intern implemented.
I agree that the password should not be logged there.

Sign in to add a comment