Hi, This is Niraj Gautam I found a way to bypass your security and view all saved passwords from Google Chrome. You have a really good feature that while viewing the saved password, a user must have to insert a windows login password but that is not effective at all. here is the way to bypass that password.
steps:
1. go to the save password list from the menu.
chrome://settings/passwords

2. click any saved URL

3. and it will redirect to that website.  and it auto fills the username and password. and  click on password>right click > inspect element >  and change type="password"  to type="text" and you can see , saved password in plain text.

4.this trick to bypass windows login works for all website. you are google. I know you can solve this issue.

##Remedy##
You can hide all the saved password list from user interface so that attacker will not easily find which site has remembered a password. OR your developer might have a great idea to protect from this attack. because for now, login windows password is not effective at all

Thank You
Niraj Gautam

 

Deleted: proof.JPG 63.1 KB

	proof.JPG 63.1 KB View Download

Deleted: proof1.JPG 75.6 KB

	proof1.JPG 75.6 KB View Download