Closed Bug 288275 Opened 19 years ago Closed 12 years ago

Password fields should use secure input mode to prevent sniffing

Categories: Firefox :: Security, defect
Hardware: All
OS: macOS
Type: defect
Priority: Not set
Severity: normal

Status: RESOLVED DUPLICATE of bug 394107

People

(Reporter: ap, Assigned: dveditz)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ru-ru) AppleWebKit/405 (KHTML, like Gecko) Safari/405
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

Native OS X password controls (Carbon or Cocoa) temporarily enable a so-called secure input mode to prevent password sniffing. However, Firefox password fields do not, making sniffing possible. This is a problem with both forms and auth sheets.

Reproducible: Always

Steps to Reproduce:
1. Enable Keyboard Viewer in International control panel
2. Show it (from Keyboards menu)
3. Make a password field active (e.g., go to http://bugreport.apple.com)
4. Type something
Actual Results:
Keypresses are visible in the Keyboard Viewer.

Expected Results:
Keyboard Viewer shouldn't see password keys pressed.

Technically, it is very easy to enable/disable secure input mode: EnableSecureEventInput(), DisableSecureEventInput(), that's all. However, great care should be taken to ensure that secure input mode gets correctly disabled, because it prevents many accessibility applications from working. It should be disabled whenever the password control stops being the user input focus for any reason, including:
1) Focus moves to another control
2) Another application is activated
3) A system service such as Dashboard is activated
4) A dialog such as Save As is displayed

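Added example, not code from this bug or from Firefox: a C sketch of the focus-tracking wrapper the report calls for, issuing EnableSecureEventInput once when a password field takes focus and DisableSecureEventInput on every focus-loss event listed above, with a check for secure input left on without a holder. The event names, the extra window-closed case and the off-macOS counter stubs are my assumptions; the Carbon calls themselves are the ones the report names.

```c
#include <stdbool.h>
#include <stdio.h>

#ifdef __APPLE__
#include <Carbon/Carbon.h>   /* EnableSecureEventInput and friends (HIToolbox) */
#else
/* Off macOS the three Carbon calls are simulated with a counter (assumption:
   the real calls must be balanced the same way) so the logic runs anywhere. */
static int sim_depth = 0;
static int  EnableSecureEventInput(void)    { sim_depth++; return 0; }
static int  DisableSecureEventInput(void)   { if (sim_depth > 0) sim_depth--; return 0; }
static bool IsSecureEventInputEnabled(void) { return sim_depth > 0; }
#endif

/* Every reason the field can stop being the input focus, per the report,
   plus one hypothetical extra case (field destroyed with its window). */
typedef enum {
    EV_PASSWORD_FOCUS_GAINED,
    EV_FOCUS_MOVED_TO_OTHER_CONTROL,
    EV_OTHER_APP_ACTIVATED,
    EV_SYSTEM_SERVICE_ACTIVATED,   /* e.g. Dashboard */
    EV_MODAL_DIALOG_SHOWN,         /* e.g. Save As */
    EV_WINDOW_CLOSED
} FocusEvent;

static bool secure_held = false;   /* true only while we own one Enable call */

/* Feed a focus event; returns whether secure input is held afterwards.
   Enable is issued at most once per focus span and Disable only when we
   hold it, so repeated gained/lost events never unbalance the system. */
bool handle_focus_event(FocusEvent ev) {
    if (ev == EV_PASSWORD_FOCUS_GAINED) {
        if (!secure_held && EnableSecureEventInput() == 0)
            secure_held = true;
    } else if (secure_held) {          /* any other event: focus is gone */
        DisableSecureEventInput();
        secure_held = false;
    }
    return secure_held;
}

/* Run on app deactivation or idle: true if secure input is on while we do
   not hold it, the state that silently breaks accessibility tools. Note
   IsSecureEventInputEnabled is system-wide, so another process holding
   secure input also trips this; log and investigate rather than "fix" it. */
bool secure_input_leaked(void) {
    bool leaked = IsSecureEventInputEnabled() && !secure_held;
    if (leaked)
        fprintf(stderr, "secure input enabled without a holder\n");
    return leaked;
}
```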
This secure input mode works in native (Carbon and Cocoa) controls, which we're not using at this moment. EnableSecureEventInput, DisableSecureEventInput, and IsSecureEventInputEnabled are supposed to help us however, see <http://developer.apple.com/releasenotes/Carbon/HIToolbox.html>. I've heard of Jaguar and/or Panther problems though.
Status: UNCONFIRMED → NEW
Ever confirmed: true

I think that these APIs are only available in 10.3 and higher (at least, they are documented as such). In 10.2, system controls used some private API to achieve a similar result.

I have read about GetKeys() not being completely disabled in some circumstances (http://lists.apple.com/archives/carbon-dev/2005/Jan/msg00360.html) - are there any other known problems?

While "parity with other applications on the platform" probably constitutes a sufficiently good reason, what benefit does this feature provide, exactly?  An application running as a given user can't protect itself from other applications running as the same user; this just makes keyloggers marginally more difficult, not impossible.  If you have a password sniffing tool running on your system, you've already lost.

Also, marking this as not PowerPC-specific.
Hardware: PowerPC → All
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE