Open Bug 1753271 Opened 3 years ago Updated 8 months ago

Cleartext submission of password

Categories

(Websites :: Other, defect)

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: mohammedsherif967, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0

Steps to reproduce:

BUG:

Cleartext submission of password

Vulnerable link:

http://connect.mozilla.org/

Summary:

A page is not fully protected by an SSL certificate. This could allow an attacker in a Man-in-the-Middle position to obtain usernames and passwords of users visiting the site.

POC:

1- When I open Wireshark (a tool hackers use to capture all traffic in the network)
2- and in this case the hacker can see the credentials of the victim because the website uses HTTP, not HTTPS (port 80, not port 443)

As you see, the credentials are in clear text.

Remediation:

1- If any part of a site is required to be protected by SSL, the entire site should be protected by SSL. This would stop the attack outlined above from working, as a certificate error would be displayed to the user.
2- HTTP Strict Transport Security (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) could be used to mitigate this attack, which would tell all browsers not to allow an HTTP connection to the website.

Impact

If a user were to visit this page from a public or shared network (e.g., Starbucks, airport, library, etc.) and submit a comment, a malicious user on the same network would be able to obtain that user's username and password by conducting a Man-in-the-Middle attack using sslstrip and Wireshark.
This would allow the malicious user complete access to the user's account.
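
A check for the two remediation items in the report above, added here as an example (not part of the original report and not Mozilla's code): it audits a host's http:// and https:// responses for an HTTPS redirect and a usable HSTS policy. The host name, the sample responses and the 180-day minimum max-age are constructed assumptions.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return (max_age, include_subdomains) or None."""
    max_age, include_sub, seen = None, False, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:  # RFC 6797: each directive may appear only once
            return None
        seen.add(name)
        arg = arg.strip().strip('"')
        if name == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

def audit_transport(host, http_resp, https_resp, min_age=15552000):
    """Audit (status, headers) pairs for the http:// and https:// root of one host.
    min_age (180 days) is an assumed policy threshold, not a value from the report."""
    findings = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}
    loc = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 307, 308) or loc.scheme != "https" or loc.hostname != host:
        findings.append("http: no redirect to https on the same host")
    if "strict-transport-security" in headers:
        findings.append("http: HSTS sent over plain http is ignored by browsers")
    _, headers = https_resp
    headers = {k.lower(): v for k, v in headers.items()}
    policy = parse_hsts(headers.get("strict-transport-security", ""))
    if policy is None:
        findings.append("https: HSTS header missing or malformed")
    elif policy[0] < min_age:
        findings.append("https: HSTS max-age shorter than %d seconds" % min_age)
    return findings

# Constructed responses for a placeholder host (not captured from any real site).
HOST = "site.example"
BEFORE = ((200, {"Content-Type": "text/html"}), (200, {"Content-Type": "text/html"}))
AFTER = ((301, {"Location": "https://site.example/"}),
         (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))

if __name__ == "__main__":
    print(audit_transport(HOST, *BEFORE))
    print(audit_transport(HOST, *AFTER))
```

Browsers honor HSTS only after one successful HTTPS response from the host, so the first plain-HTTP visit stays exposed unless the host is on a preload list.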

Component: MozillaBuild → Other
Product: mozilla.org → Websites
Version: other → unspecified