Closed
Bug 1393018
Opened 7 years ago
Closed 7 years ago
Saved passwords for a particular site can be seen by others using the same machine
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: crossfire.saif, Unassigned)
Details
Attachments
(1 file)
152.34 KB,
image/jpeg
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0 Build ID: 20170628075643 Steps to reproduce: After entering an email id in the email field of a site., when the autofill pops up choose the corresponding email ID and the password gets autofilled. Then type in an extra character and sign up using the incorrect password. The save password option pops up and there click on show password option. Actual results: The actual saved password can be seen then with the extra incorrect character. This way anyone using the same machine can find out another user's password. Expected results: The old password should not be visible.
Comment 1•7 years ago
|
||
This is an expected part of how saved passwords work, and there is no reasonable solution to this problem. Saved passwords are also accessible in the preferences and using the developer tools. The long and short of it is: don't give someone you don't trust access to a running instance of Firefox (or Chrome, or Edge, or ...) that knows your password(s). If you share the machine with people you wouldn't want to have access to your passwords or accounts, use separate OS user accounts and do not leave your machine unattended at any time.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•