Saved passwords for a particular site can be seen by others using the same machine

RESOLVED WONTFIX

Status

()

Firefox
Untriaged
RESOLVED WONTFIX
8 months ago
8 months ago

People

(Reporter: Saif Ali, Unassigned)

Tracking

54 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

8 months ago
Created attachment 8900249 [details]
pass_bug.jpg

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170628075643

Steps to reproduce:

After entering an email id in the email field of a site., when the autofill pops up choose the corresponding email ID and the password gets autofilled.
Then type in an extra character and sign up using the incorrect password. 
The save password option pops up and there click on show password option.


Actual results:

The actual saved password can be seen then with the extra incorrect character.
This way anyone using the same machine can find out another user's password.


Expected results:

The old password should not be visible.

Comment 1

8 months ago
This is an expected part of how saved passwords work, and there is no reasonable solution to this problem. Saved passwords are also accessible in the preferences and using the developer tools. The long and short of it is: don't give someone you don't trust access to a running instance of Firefox (or Chrome, or Edge, or ...) that knows your password(s).

If you share the machine with people you wouldn't want to have access to your passwords or accounts, use separate OS user accounts and do not leave your machine unattended at any time.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.