View another person password by save password from Firefox
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
People
(Reporter: will.unicamp, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
I was able to see another person password through Firefox save password feature. The password was inserted inside a Wordpress plugin, in another machine, and it was saved there. From my machine, I've opened the same page and saved the same form, and Firefox offered me the option to save and view the password.
|
||
Comment 1•6 years ago
|
||
(In reply to will.unicamp from comment #0)
I've opened the same page and saved the same form, and Firefox offered me the option to save and view the password.
This will be because the password is included in the form that you saved. You already had access to that password, it's not Firefox that allows this, it's the plugin page that echoes it into the page.
Removing the security flag as this isn't a Firefox security issue. It's possible we can avoid the password manager prompting here, so keeping the bug for that - though it might be impossible if the wordpress plugin is badly written.
Which wordpress plugin was this?
|
Reporter | |
Comment 2•6 years ago
|
||
I've experienced this issue before in another form. My internet provider had configured my router with user and password for PPoE access, through remote access. I shouldn't know the password, but accessing the form and clicking on update button (without changing anything) I was able to see the password by clicking on "show password", offered by the browser to me.
The WordPress plugin is WP Mail SMTP.
|
||
Comment 3•6 years ago
|
||
Gijs is right, if you looked in the developer tools or View Source you would have already been able to see the password without the prompt to save. Bug 1388674 would be a potential solution for this though there may be times when the user does want to save that password…
|
||
Updated•6 years ago
|
|
||
Updated•1 year ago
|
Description
•