19

So I was logging into google today and my password is very long so I often make mistakes while typing it so I went to inspect element to change input type to text so that I can check the password and I see that Firefox is storing my password already as plain text. Wtf Firefox???

Comments
  • 17
    1. this is not an issue with Firefox, it has to do with a js framework used.
    2. Not an security issue, since you need to have access to the tab to view the source. Generally speaking if you have control over what it's run on, it's hackable.
    3. It doesn't make it worse if you think about compromised extensions, since they can inject javascript into the page anyway if allowed too. If they can, it's a dead simple one-liner to retrieve the password. Don't simply trust all extensions kids.
  • 6
    console.log($('.password').value)

    I don't see why this is so specifically insecure.
    did you know your password gets send to the server in plaintext as well?
  • 1
    @balte except it's HTTPS, okayy if you want to be that specific it's still plain text on a encrypted transport layer, but you get what I mean
  • 0
    @Kimmax absolutely, but this is all client sided talk of course.
  • 0
    @Kimmax absolutely, but this is all client sided talk of course.
  • 0
    @balte wow what happened there
Add Comment