New issue
Advanced search Search tips

Issue 897718 link

Starred by 1 user

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug

Blocking:
issue 771657



Sign in to add a comment

Password manager stores the wrong (hashed?) password

Reported by ekna...@gmail.com, Oct 22

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce the problem:
1. Login to online banking at www.leumi.co.il
2. Click to save the password
3. In the password manager the password saved is not the string but probably it's hashed version

What is the expected behavior?

What went wrong?
The password manager doesnt save the string password but the hashed phrase.

Did this work before? N/A 

Chrome version: 69.0.3497.100  Channel: n/a
OS Version: 10.0
Flash Version:
 
Labels: Needs-Triage-M69
Components: UI>Browser>Passwords
Cc: phanindra.mandapaka@chromium.org
Labels: Triaged-ET Needs-Feedback
eknafel@Thanks for filing the issue...

@Reporter : As per comment #0, Navigated to given ( www.leumi.co.il ) link and the page asking for Login to your account. It would be really helpful if a sample credentials is provided, so that we can investigate the issue further.

Thanks.!

That would be difficult as the credentials would log you into my banking account :)

Project Member

Comment 5 by sheriffbot@chromium.org, Oct 23

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Blocking: 771657
Labels: -Pri-2 Hotlist-Polish Pri-3
Status: Available (was: Unconfirmed)
Thanks for the report!
No need to share credentials, of course :).

Steps to reproduce the issue:

(1) Go to www.leumi.co.il, click on עסקי
(2) In the new window, click the button with the lock icon.
(3) Type something in the two fields, click the (other) lock icon in the top-right corner of the window, click the eye icon in the opened bubble

The displayed password is different from what was typed.


Chrome has some mechanisms to record what user typed into the password instead of what the page scripts might have changed it to, but this site seems to have bypassed that. Interesting!
Yes! Thatas the great way to reproduce it!
Btw, previously, it used to work... I dont know if something was changed in Chrome or in this site

Sign in to add a comment