« previous next »
Pages: [1]

Author Topic: Security Flaw  (Read 5439 times)

Phil

  • Guest
Security Flaw
« on: April 23, 2008, 07:47:00 PM »
Hi.

There is a security flaw at the 'enter master password' stage of the process.

For maximal security, I do not store my master password at all.
Upon visiting a page with pre-stored form fields, PasswordMaker brings up the Master Password dialog box - however, even if this is cancelled, the fields EXCLUDING the generated password are still filled in.

This isn't a massive flaw, but still, it opens up the possibility of various account details being exposed, when they shouldn't be.
Logged

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Security Flaw
« Reply #1 on: April 24, 2008, 12:53:02 AM »
Yeah, this has been reported before. In the interim, you can not submit the form to prevent anyone from seeing the populated data. This is partially why PasswordMaker doesn't have auto-submit of forms.
Logged

PasswordMaker Forums

Re: Security Flaw
« Reply #1 on: April 24, 2008, 12:53:02 AM »
Pages: [1]
« previous next »