Closed
Bug 233492
Opened 21 years ago
Closed 21 years ago
Security risk: FTP name and password appear in Location Bar after site is opened
Categories
(SeaMonkey :: Location Bar, enhancement)
Tracking
(Not tracked)
VERIFIED DUPLICATE of bug 157354
People
(Reporter: u4664, Unassigned)
Details
User-Agent:
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8
When a name and password are used to access an ftp site via the Location Bar,
e.g. ftp://foo:bar@ftp.site.com, the name ("foo") and password ("bar") persist
in the Bar as the site is traversed/navigated. This is a huge security risk
because it allows casual passers-by to see the name and password. In addition,
the entire address, including the name and password, is included in the
Location Bar's history, which poses an even bigger security risk.
I haven't tested this, but I assume that this problem also exists for accessing
Web pages that use HTTP authentication.
Reproducible: Always
Steps to Reproduce:
1. In the Location Bar, go to an FTP site that requires a name and password,
e.g. ftp://foo:bar@ftp.site.com
2. Navigate through the FTP site as normal.
Actual Results:
The name and password remain in the Location Bar.
Expected Results:
The name and password should be removed after the user has entered the FTP site.
See how Internet Explorer handles this.
*** This bug has been marked as a duplicate of 157354 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Updated•17 years ago
Product: Core → SeaMonkey
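The expected result in the report, removing the name and password before the address is displayed or stored in history, can be sketched as follows. This is an added example, not Mozilla's code: the function names are hypothetical, the history list is constructed, and it relies on the standard WHATWG `URL` parser rather than a regex, so an "@" in a path is not mistaken for userinfo.

```javascript
// Added example (not Mozilla code): strip URL userinfo before a URL is shown
// in an address bar or written to history. Names here are hypothetical.

// Parse one URL and return it without username/password.
function redactUserinfo(input) {
  let url;
  try {
    url = new URL(input); // WHATWG URL parser (browsers and Node.js)
  } catch (err) {
    // Not an absolute URL: nothing to parse, return it unchanged.
    return { display: input, hadCredentials: false };
  }
  const hadCredentials = url.username !== "" || url.password !== "";
  // Clearing both fields also drops the ":" and "@" separators from href.
  url.username = "";
  url.password = "";
  return { display: url.href, hadCredentials };
}

// Redact every history entry and merge entries that become identical.
function sanitizeHistory(entries) {
  const seen = new Set();
  const cleaned = [];
  let redacted = 0;
  for (const entry of entries) {
    const { display, hadCredentials } = redactUserinfo(entry);
    if (hadCredentials) redacted += 1;
    if (!seen.has(display)) {
      seen.add(display);
      cleaned.push(display);
    }
  }
  return { cleaned, redacted };
}

// Constructed sample history, using the placeholder host from the report.
const sampleHistory = [
  "ftp://foo:bar@ftp.site.com",
  "ftp://foo:bar@ftp.site.com/pub/",
  "ftp://ftp.site.com/pub/",
  "http://user%40corp:p%3Ass@www.example.com/private/",
  "http://www.example.com/a@b", // "@" in the path is not userinfo
];

console.log(sanitizeHistory(sampleHistory));
```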