Closed Bug 186072 Opened 22 years ago Closed 22 years ago

Cookies allow to access stored passwords

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 184436

People

(Reporter: npeninguy, Assigned: hewitt)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021214 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5 A website can read stored passwords using cookies. Reproducible: Always Steps to Reproduce: 1. rm -rf ~/.phoenix 2. go to http://www.lfmm.org/phoenix/ 3. Enter login "tagada" and password "tsointsoin", check Use password manager... 4. go to http://perso.club-internet.fr/hcheli/ Actual Results: On the page you can read "Bonjour tsointsoin". Expected Results: The site should ask your name.
Same on windows with build Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5
I can reproduce the bug on Windows 2000, running Phoenix 0.5 OS-> ALL Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5 I can read "Bonjour tsointsoin ! Cela fait 2 fois que vous surfez sur cette page." ('tsointsouin' being the password I entered on previous site) This is a serious security issue. Thanks to Nicolas for reporting the bug and Laurent for re-creating the first web site so we can reproduce the bug faster. Confirming.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Yes, dupe. Please always try to reproduce the bug with the latest nightly before filing it. *** This bug has been marked as a duplicate of 184436 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.