Open
Bug 312321
Opened 19 years ago
Updated 20 days ago
on ftp user:password@site is not hidden in download-managers source column
Categories
(SeaMonkey :: Security, defect)
Tracking
(Not tracked)
NEW
People
(Reporter: pbm.de, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Win98; de-AT; rv:1.7.10) Gecko/20050716 Build Identifier: Mozilla/5.0 (Windows; U; Win98; de-AT; rv:1.7.10) Gecko/20050716 If logging into ftp page the classic way (ftp://user:password@somewhere.com) the user and password are permanantly visible in download-managers source column (not whiped after download finished). Same problem with the browsers history window. This might be a security flaw, cause no one wants username and corresponding passwords be visible to other users on the machine. Seems to be independent of OS. Reproducible: Always Steps to Reproduce: 1.Type in an ftp address in the classical way: ftp://user:password@ftp.adr 2.Complete address including username/password ist stored in the most recently visited sites. 3.If a download is started the complete address including username/password is visible and stored in the source column of download-manager Actual Results: After downloading or looking in site history username/password is still visible to other users of this machine. Expected Results: User/Password@ should be deleted after download has ended. User/password@ should not be visible in site history.
Comment 1•19 years ago
|
||
The history part is bug 130327
Group: security
Status: UNCONFIRMED → NEW
Depends on: 130327
Ever confirmed: true
Summary: on ftp user:password@site is not hidden in download-managers source column; same in browsers history → on ftp user:password@site is not hidden in download-managers source column
Comment 2•16 years ago
|
||
Can you reproduce with SeaMonkey v1.1.9 ? Can you reproduce with SeaMonkey v2.0a1pre ?
Assignee: dveditz → nobody
Version: unspecified → 1.7 Branch
Reporter | ||
Comment 3•16 years ago
|
||
(In reply to comment #2) > Can you reproduce with SeaMonkey v1.1.9 ? > Can you reproduce with SeaMonkey v2.0a1pre ? > Reproducable with SeaMonkey v1.1.9, not tested with v2.0a1pre
Updated•20 days ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•