Closed Bug 404804 Opened 17 years ago Closed 17 years ago

There is no security on ****** password fields, can easily be sniffed by javascript

Categories

(Firefox :: Security, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 352761

People

(Reporter: gabrielwhite, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9

There is a bookmarklet that can reveal passwords in ****** password fields

http://aksn1p3r.blogspot.com/2007/07/firefox-asterisk-revealer.html

This is a significant security risk for people who are using the password manager to manage their passwords.

The ability to reveal passwords should be disabled.

Reproducible: Always

Steps to Reproduce:
See http://aksn1p3r.blogspot.com/2007/07/firefox-asterisk-revealer.html for details.
Actual Results:  
Passwords can be revealed

Expected Results:  
Passwords should not be revealed
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
That bookmarklet works on all modern browsers, I've even seen some bank sites design their logins to require that functionality.
You need to log in before you can comment on or make changes to this bug.