Closed
Bug 1381782
Opened 7 years ago
Closed 7 years ago
password remembering in plain text
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: lingamaiah.prasad, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36 Steps to reproduce: 1.There is a vulnerability having in android OS which is using Firefox browser. 2.When ever we trying to login the application using URL is www.gmail.com it will show user field and password field. 3.if success user name is there it will redirect to password field form. 4. here we will see previous login attempts which are entered either success login or failure logins too. which password is showing in plain text format. 5.after clearing the history and cache it is showing plain test format in application. please find the above images as will. 6. after deleting history second time for same URl and same account www.gmail.com. 7.then we will see previous login attempts if double click the password field which are stored in application level and which are in plain text. in previous success and failed login attempts. Actual results: Android Firefox browser having vulnerability that when a web page is being access the password it is remembering the previous entered passwords after deleting the history and cache too. it might be possible to access the private or sensitive data exchanged within the session through the web browser cache. Expected results: 1.Remove remembering passwords fields. 2.Ensure that no credentials are stored in clear text or are easily retrievable in encoded or encrypted forms in cookies.
Comment 1•7 years ago
|
||
I am not able to reproduce this behavior in Firefox for Android Nightly v56
Group: firefox-core-security
Comment 2•7 years ago
|
||
Hello, I've also tried reproducing this issue but was unsuccessful in my attempts. Leaving this open for the moment and will keep an eye open for this kind of behavior.
Comment 3•7 years ago
|
||
There is not enough info to move to confirm this bug. Closing as incomplete.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•