Closed
Bug 186072
Opened 22 years ago
Closed 22 years ago
Cookies allow to access stored passwords
Categories
(Firefox :: Address Bar, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 184436
People
(Reporter: npeninguy, Assigned: hewitt)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021214 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5 A website can read stored passwords using cookies. Reproducible: Always Steps to Reproduce: 1. rm -rf ~/.phoenix 2. go to http://www.lfmm.org/phoenix/ 3. Enter login "tagada" and password "tsointsoin", check Use password manager... 4. go to http://perso.club-internet.fr/hcheli/ Actual Results: On the page you can read "Bonjour tsointsoin". Expected Results: The site should ask your name.
Comment 1•22 years ago
|
||
Same on windows with build Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5
Comment 2•22 years ago
|
||
I can reproduce the bug on Windows 2000, running Phoenix 0.5 OS-> ALL Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5 I can read "Bonjour tsointsoin ! Cela fait 2 fois que vous surfez sur cette page." ('tsointsouin' being the password I entered on previous site) This is a serious security issue. Thanks to Nicolas for reporting the bug and Laurent for re-creating the first web site so we can reproduce the bug faster. Confirming.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Is this perhaps a dupe of bug 184436?
Comment 4•22 years ago
|
||
Yes, dupe. Please always try to reproduce the bug with the latest nightly before filing it. *** This bug has been marked as a duplicate of 184436 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•