PasswordMaker Forums

Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Bugs => Topic started by: Phil on April 23, 2008, 07:47:00 PM

Title: Security Flaw
Post by: Phil on April 23, 2008, 07:47:00 PM

Hi.

There is a security flaw at the 'enter master password' stage of the process.

For maximal security, I do not store my master password at all.
Upon visiting a page with pre-stored form fields, PasswordMaker brings up the Master Password dialog box - however, even if this is cancelled, the fields EXCLUDING the generated password are still filled in.

This isn't a massive flaw, but still, it opens up the possibility of various account details being exposed, when they shouldn't be.

Title: Re: Security Flaw
Post by: Eric H. Jung on April 24, 2008, 12:53:02 AM

Yeah, this has been reported before. In the interim, you can not submit the form to prevent anyone from seeing the populated data. This is partially why PasswordMaker doesn't have auto-submit of forms.