PasswordMaker Forums
Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Bugs => Topic started by: Phil on April 23, 2008, 07:47:00 PM
-
Hi.
There is a security flaw at the 'enter master password' stage of the process.
For maximal security, I do not store my master password at all.
Upon visiting a page with pre-stored form fields, PasswordMaker brings up the Master Password dialog box - however, even if this is cancelled, the fields EXCLUDING the generated password are still filled in.
This isn't a massive flaw, but still, it opens up the possibility of various account details being exposed, when they shouldn't be.
-
Yeah, this has been reported before. In the interim, you can not submit the form to prevent anyone from seeing the populated data. This is partially why PasswordMaker doesn't have auto-submit of forms.