google passwords shown without asking user password

Bug #1562543 reported by Jaime Pérez on 2016-03-27
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Wishlist
Unassigned

Bug Description

If user session is active and someone gets into chromium settings, user passwords can be seen withount any security step (in windows, user password is asked before showing passwords). As with chromebooks ubuntu is not locked when suspended, all my passwords are available to anyone. So It would good to put an authentication step before showing user passwords.

Jaime Pérez (jaime-91) on 2016-03-27
information type: Private Security → Public Security
Seth Arnold (seth-arnold) wrote :

An unlocked session isn't exactly safe; it'd be easy enough to install e.g. a keylogger or other malware while the session is unlocked. And even a locked session isn't very safe if a malicious actor can reboot and get plaintext access to storage. A real solution includes full disk encryption as well.

Thanks

Jaime Pérez (jaime-91) wrote :

Well, but not everyone knows to use a keylogger. But if you put them pwds in their face... The problem is that chromebooks's crouton's ubuntu doesn't lock session when closing lid.

Changed in chromium-browser (Ubuntu):
status: New → Confirmed
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers