Closed Bug 1393018 Opened 7 years ago Closed 7 years ago

Saved passwords for a particular site can be seen by others using the same machine

Categories

(Firefox :: Untriaged, defect)

54 Branch
defect
Not set
normal

RESOLVED WONTFIX

People

(Reporter: crossfire.saif, Unassigned)

Details

Attachments

(1 file)

Attached image pass_bug.jpg
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170628075643

Steps to reproduce:

After entering an email ID in the email field of a site, when the autofill pops up, choose the corresponding email ID and the password gets autofilled.
Then type in an extra character and sign up using the incorrect password.
The save password option pops up; there, click on the show password option.


Actual results:

The actual saved password can be seen then with the extra incorrect character.
This way anyone using the same machine can find out another user's password.


Expected results:

The old password should not be visible.
This is an expected part of how saved passwords work, and there is no reasonable solution to this problem. Saved passwords are also accessible in the preferences and using the developer tools. The long and short of it is: don't give someone you don't trust access to a running instance of Firefox (or Chrome, or Edge, or ...) that knows your password(s).

If you share the machine with people you wouldn't want to have access to your passwords or accounts, use separate OS user accounts and do not leave your machine unattended at any time.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX