google passwords shown without asking user password
Bug #1562543 reported by
Jaime Pérez
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
If user session is active and someone gets into chromium settings, user passwords can be seen withount any security step (in windows, user password is asked before showing passwords). As with chromebooks ubuntu is not locked when suspended, all my passwords are available to anyone. So It would good to put an authentication step before showing user passwords.
information type: | Private Security → Public Security |
Changed in chromium-browser (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Wishlist |
To post a comment you must log in.
An unlocked session isn't exactly safe; it'd be easy enough to install e.g. a keylogger or other malware while the session is unlocked. And even a locked session isn't very safe if a malicious actor can reboot and get plaintext access to storage. A real solution includes full disk encryption as well.
Thanks