Password value logged in console when autocomplete attribute is missing
Reported by
goel.pra...@gmail.com,
Sep 27
|
||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Steps to reproduce the problem: 1. Visit a webpage having a secure password field missing the autocomplete attribute. 2. If your credentials are already saved, they should be auto-populated 3. The console shows a message to add autocomplete attribute with the HTML element along with the password value What is the expected behavior? The value of password field should not be logged What went wrong? Console shows the secure field values and this allows the confidential data to be compromised Did this work before? N/A Chrome version: 69.0.3497.100 Channel: stable OS Version: 10.0 Flash Version:
,
Sep 27
,
Sep 28
,
Sep 28
,
Oct 1
Vasilii, I guess you are most familiar with the code?
,
Oct 1
This is what Vadym's intern implemented. I agree that the password should not be logged there. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by goel.pra...@gmail.com
, Sep 2719.5 KB
19.5 KB View Download