Closed
Bug 1285169
Opened 8 years ago
Closed 8 years ago
Stored passwords can be viewed without retyping the master password when chanhing type="password" attribute by type="text" with Firebug or Inspector
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 443345
People
(Reporter: attatt, Unassigned)
Details
Attachments
(1 file)
|
(deleted),
image/png
|
Details |
passwort_anzeigen_ohne_masterpasswort.png
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160601155443
Steps to reproduce:
Go to a Site wehre you have a password stored. Type in your Username. Then the Corrosponding Password field gets filled with your stored Password.
Now use Firebug to inspect the Password field. Replace the type="password" attribute by type="text".
Actual results:
The stored password ist displayed.
Expected results:
The stored password should not be displayed.
Im using a master-password. To view the stored password in the settings, i need to retype the master-password. With the method above, i can see the password without retyping the master-password.
|
Reporter | |
Updated•8 years ago
|
Component: Untriaged → Security
OS: Unspecified → Windows 7
Hardware: Unspecified → x86_64
Summary: Stored passwords can be viewed without retyping the master password → Stored passwords can be viewed without retyping the master password when chanhing type="password" attribute by type="text" with Firebug or Inspector
|
||
Comment 1•8 years ago
|
||
I believe this is true in every browser (I just tested in Safari) and it's somewhat required to actually work as a password manager. Bug 443345 or maybe bug 653132 would mitigate this somewhat.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•