GNOME Bugzilla – Bug 752737
Password manager should warn about or prevent storing passwords on insecure pages
Last modified: 2016-12-30 01:54:28 UTC
It's easy (script kiddie level) for an attacker to inject JavaScript into insecure pages to focus a password form, read the password autofilled by a password manager, and call home without the user ever noticing. We should pick one of the following mitigations:

(a) Warn the user when storing the password that other people on the Internet will be able to access the password; or
(b) Just not prompt to store passwords on insecure pages.

I favor (a).

There is one more technique that is considered best-practice for password managers, which I think is optional (redundant with the above):

* Require some user interaction that cannot be performed by JavaScript before autofilling the password on insecure pages.
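The policy in the comment above, written out as an added example (this is illustrative code, not Epiphany's or WebKit's implementation). It assumes three things that are not on the page: a `isSecureOrigin` check modelled loosely on the W3C Secure Contexts notion of a potentially trustworthy origin, a `storeDecision` helper that implements mitigation (a) by default and (b) when asked, and a `mayAutofill` gate that models the "user interaction that cannot be performed by JavaScript" idea with a gesture object whose `isTrusted` flag is false for script-synthesised events.

```javascript
// Added example (not from this bug, Epiphany or WebKit): policy helpers for
// a password manager covering the mitigations discussed in the bug.
// Function names, the "mode" option and the gesture object are assumptions.

// Secure-origin test, loosely following the W3C Secure Contexts idea of a
// "potentially trustworthy" origin: TLS schemes, file:, and loopback hosts.
function isSecureOrigin(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch (e) {
    return false; // unparsable URL: treat as insecure
  }
  if (url.protocol === "https:" || url.protocol === "wss:" || url.protocol === "file:") {
    return true;
  }
  const host = url.hostname; // WHATWG URL keeps brackets on IPv6 literals
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host === "[::1]") return true;
  if (/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host)) return true;
  return false;
}

// Mitigation (a) by default: still offer to save, but attach a warning to
// the prompt on insecure pages. mode = "refuse" models mitigation (b).
function storeDecision(pageUrl, mode = "warn") {
  if (isSecureOrigin(pageUrl)) {
    return { prompt: true, warning: null };
  }
  if (mode === "refuse") {
    return { prompt: false, warning: null };
  }
  return {
    prompt: true,
    warning:
      "This page is not encrypted. A password saved for it can be read by " +
      "anyone on the network path, or by script injected into the page.",
  };
}

// Autofill gate: on secure origins fill as usual; on insecure origins only
// after a gesture that page script cannot fabricate. The gesture object is a
// model of what the browser itself knows about user activation: events
// dispatched by script (e.g. element.click()) carry isTrusted === false, and
// a bare focus event is not accepted because script can call focus().
const GESTURE_TYPES = new Set(["click", "pointerdown", "keydown"]);

function mayAutofill(pageUrl, gesture) {
  if (isSecureOrigin(pageUrl)) return true;
  if (!gesture || gesture.isTrusted !== true) return false;
  return GESTURE_TYPES.has(gesture.type);
}

module.exports = { isSecureOrigin, storeDecision, mayAutofill };
```

The interesting case is the last one: an HTTP page that focuses its own password field from script never satisfies `mayAutofill`, so the injected-script scenario from the comment gets nothing filled in, while a genuine click or keypress on the same page still does.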
*** Bug 750430 has been marked as a duplicate of this bug. ***
(In reply to Michael Catanzaro from comment #0)
> It's easy (script kiddie level) for an attacker to inject JavaScript into
> insecure pages to focus a password form, read the password autofilled by a
> password manager, and call home without the user ever noticing. We should
> pick one of the following mitigations:
>
> (a) Warn the user when storing the password that other people on the
> Internet will be able to access the password; or
> (b) Just not prompt to store passwords on insecure pages.
>
> I favor (a).
>
> There is one more technique that is considered best-practice for password
> managers, which I think is optional (redundant with the above):
>
> * Require some user interaction that cannot be performed by JavaScript
> before autofilling the password on insecure pages.

(a) is implemented in 3.23.
*** This bug has been marked as a duplicate of bug 775167 ***