Bug 752737 - Password manager should warn about or prevent storing passwords on insecure pages
Status: RESOLVED DUPLICATE of bug 775167
Product: epiphany
Classification: Core
Component: Passwords, Cookies, & Certificates
Version: 3.16.x (obsolete)
Hardware/OS: Other Linux
Importance: Normal major
Target Milestone: ---
Assigned To: Michael Catanzaro
QA Contact: Epiphany Maintainers
Duplicates: 750430
Depends on:
Blocks:
Reported: 2015-07-22 17:24 UTC by Michael Catanzaro
Modified: 2016-12-30 01:54 UTC
See Also:
GNOME target: ---
GNOME version: ---

Description Michael Catanzaro 2015-07-22 17:24:08 UTC
It's easy (script kiddie level) for an attacker to inject Javascript into insecure pages to focus a password form, read the password autofilled by a password manager, and call home without the user ever noticing. We should pick one of the following mitigations:

(a) Warn the user when storing the password that other people on the Internet will be able to access the password; or
(b) Just not prompt to store passwords on insecure pages.

I favor (a).

There is one more technique that is considered best-practice for password managers, which I think is optional (redundant with the above):

* Require some user interaction that cannot be performed by Javascript before autofilling the password on insecure pages.
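The mitigations listed in the description, as an added JavaScript example (not Epiphany's code and not part of this bug): a small policy that classifies the page as secure or insecure, returns whether the password manager should prompt, warn while saving (option a) or refuse to save (option b), and gates autofill on an event the page's own script cannot forge. The function names, the `STORE` constants and the use of `event.isTrusted` as the "interaction that cannot be performed by Javascript" check are this example's assumptions; it also goes one step beyond the bug text by treating a form on an https page that submits to an http target as insecure.

```javascript
// Added example, not Epiphany code: a password-manager policy modelling the
// mitigations from this bug. Names (storagePolicy, autofillAllowed, STORE) are
// this example's own. Runs under Node.js using the global WHATWG URL class.

// Origins over which a password can be read or altered in transit are treated as
// insecure. https/wss/file and localhost count as trustworthy, following the
// browser "potentially trustworthy origin" rules (assumption: no other exemptions).
function isPotentiallyTrustworthy(urlString) {
  const u = new URL(urlString);
  if (u.protocol === "https:" || u.protocol === "wss:" || u.protocol === "file:") {
    return true;
  }
  const host = u.hostname;
  return (
    host === "localhost" ||
    host.endsWith(".localhost") ||
    host === "127.0.0.1" ||
    host === "[::1]" ||
    host === "::1"
  );
}

// The options from the description: (a) warn but allow saving, (b) never prompt.
const STORE = Object.freeze({ PROMPT: "prompt", WARN: "warn", DENY: "deny" });

// Decide how to handle a password submitted from pageUrl by a form whose action
// attribute is formAction (relative actions are resolved against the page URL).
// options.mode selects (a) "warn" (default) or (b) "deny".
function storagePolicy(pageUrl, formAction, options = {}) {
  const mode = options.mode === "deny" ? "deny" : "warn";
  const submitUrl = new URL(formAction || "", pageUrl).href;
  const pageSecure = isPotentiallyTrustworthy(pageUrl);
  const submitSecure = isPotentiallyTrustworthy(submitUrl);

  if (pageSecure && submitSecure) {
    return { store: STORE.PROMPT, autofill: "automatic", reason: "secure page and submit target" };
  }
  const reason = pageSecure
    ? `form submits to insecure target ${submitUrl}`
    : `page ${pageUrl} is not served over a secure origin`;
  if (mode === "deny") {
    return { store: STORE.DENY, autofill: "require-gesture", reason };
  }
  // (a): save if the user insists, but say plainly who else can read it, and never
  // autofill on this page without a user gesture.
  return {
    store: STORE.WARN,
    autofill: "require-gesture",
    reason,
    warning: "Anyone on the network path can read this password; store it anyway?",
  };
}

// Gate autofill on a trusted event. In browsers, event.isTrusted is true only for
// events generated by the user agent; events a page script constructs and
// dispatches carry isTrusted === false, so script alone cannot satisfy this check.
function autofillAllowed(policy, event) {
  if (policy.autofill === "automatic") return true;
  return Boolean(event && event.isTrusted === true);
}

if (typeof require !== "undefined" && require.main === module) {
  // Constructed sample inputs, not taken from any real site.
  const cases = [
    ["https://example.test/login", "/session"],
    ["http://example.test/login", "/session"],
    ["https://example.test/login", "http://example.test/session"],
    ["http://localhost:8080/login", "/session"],
  ];
  for (const [page, action] of cases) {
    console.log(page, "->", storagePolicy(page, action));
  }
  // A script-dispatched click (isTrusted false) must not trigger autofill on an insecure page.
  const insecure = storagePolicy("http://example.test/login", "/session");
  console.log("script-dispatched click:", autofillAllowed(insecure, { isTrusted: false }));
  console.log("real user click:", autofillAllowed(insecure, { isTrusted: true }));
}
```

The policy object is what a browser's form-submission hook and autofill hook would consult: the former decides whether to show the save prompt and with what warning, the latter refuses to fill unless the triggering event came from the user agent rather than from page script.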
Comment 1 Michael Catanzaro 2016-02-29 16:06:53 UTC
*** Bug 750430 has been marked as a duplicate of this bug. ***
Comment 2 Michael Catanzaro 2016-12-29 18:18:41 UTC
(In reply to Michael Catanzaro from comment #0)
> It's easy (script kiddie level) for an attacker to inject Javascript into
> insecure pages to focus a password form, read the password autofilled by a
> password manager, and call home without the user ever noticing. We should
> pick one of the following mitigations:
> 
> (a) Warn the user when storing the password that other people on the
> Internet will be able to access the password; or
> (b) Just not prompt to store passwords on insecure pages.
> 
> I favor (a).
> 
> There is one more technique that is considered best-practice for password
> managers, which I think is optional (redundant with the above):
> 
> * Require some user interaction that cannot be performed by Javascript
> before autofilling the password on insecure pages.

(a) is implemented in 3.23.
Comment 3 Michael Catanzaro 2016-12-29 19:11:13 UTC

*** This bug has been marked as a duplicate of bug 775167 ***