Closed Bug 242956 Opened 21 years ago Closed 21 years ago

Stored password is inserted into a readable text input on a second page

Categories

(Toolkit :: Password Manager, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla1.7

People

(Reporter: austin, Assigned: bryner)

References

()

Details

(Keywords: privacy, Whiteboard: [sg:nse])

Attachments

(3 files)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Build Identifier:

See the example page above (I'll leave it up for now, please let me know when you've finished with it) - clear the password store for this domain, enter a user name/password combination on the example page (any will do) and submit the form - on the second page your username is already inserted in the first box and your password is shown in clear text in the second. This happens with both the Windows and the Linux version of Firefox - could be something to do with the name of the form, or the ID of the text boxes? It looks a bit like I'm cheating here, but there is no server side code - the second page only has an asp extension because IIS won't allow posting to a static page.

Reproducible: Always

Steps to Reproduce:
1. See above, and example page
2.
3.

Actual Results: See above

Expected Results: Both boxes on the second page should have been empty
Confirmed, the password manager should not prefill a password into an input that's not type=password, even if the ID matches.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
might need a fix for this before 0.9
Flags: blocking0.9+
Attached patch patch
Only prefill if the username field is type=text and the password field is type=password.
checked in to trunk and aviary branch
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
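
The rule stated in the patch description, sketched as an added example (this is not the attached patch or Mozilla's code). It assumes fields are matched by name and models them as plain objects; planPrefill, effectiveType and the sample data are hypothetical.

```javascript
// Added illustration, not the Mozilla patch. Fields are plain objects
// ({name, type}) so the check runs without a DOM; all names are hypothetical.

// An <input> with no (or an empty) type attribute behaves as type=text.
function effectiveType(field) {
  return (field.type || "text").trim().toLowerCase() || "text";
}

// Decide what, if anything, to prefill for one form given one stored login.
// stored = {usernameField, passwordField, username, password}
// Returns a {fieldName: value} map, or null when the form must stay empty.
function planPrefill(formFields, stored) {
  const byName = new Map(formFields.map((f) => [f.name, f]));
  const userField = byName.get(stored.usernameField);
  const passField = byName.get(stored.passwordField);
  if (!userField || !passField) return null;

  // The rule from the fix: matching names are not enough. The username
  // target must be type=text and the password target type=password.
  if (effectiveType(userField) !== "text") return null;
  if (effectiveType(passField) !== "password") return null;

  return {
    [userField.name]: stored.username,
    [passField.name]: stored.password,
  };
}

// Constructed sample data modelled on the report: page 1 is a login form,
// page 2 reuses the same field names on two readable text inputs.
const storedLogin = {
  usernameField: "user", passwordField: "pass",
  username: "alice", password: "s3cret",
};
const loginPage = [
  { name: "user", type: "text" },
  { name: "pass", type: "PASSWORD" },
];
const secondPage = [
  { name: "user", type: "text" },
  { name: "pass", type: "text" },
];

console.log(planPrefill(loginPage, storedLogin));  // both fields filled
console.log(planPrefill(secondPage, storedLogin)); // null: nothing is filled
```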
Attached file test1.htm
test1.htm from the testcase
Attached file test2.asp
test2.asp from the testcase
serious privacy implications but not an exploit (site already knows your password). And basically the same is already public in bug 233075 --> removing security sensitive flag.
Group: security
Keywords: privacy
Whiteboard: [sg:nse]
*** Bug 233075 has been marked as a duplicate of this bug. ***
Target Milestone: --- → Firefox0.9
Product: Firefox → Toolkit