[clug] unusual password retention in browser

Eyal Lebedinsky eyal at eyal.emu.id.au
Fri Aug 14 04:59:15 UTC 2015

I recently noticed a strange thing, where it seems that my password is retailed after being used.

Here is the simple scenario
- log into my bank with details I have in a file (file-1).
- copy+paste access code
- copy+paste password
- click login
   I am in
- I copy+paste some text off the screen into *another* shell running vi (file-2). Works fine
- I now make a service selection asking to get a report as pdf.
- I get the firefox dialogue asking to "open" or "save". I select "save"
- I get the save dialogue (need to select location and file name)
- In the file-2 vi I enter insert mode and click the middle button. I get two lines:
xxxxxxxxxxxxxxxx        (my password!)
abc_14Aug2015_023456    (suggested file name)

- WTF???

Who is holding my password? I can only think of firefox, but maybe the bank js?

How was it inserted into the copy buffer *after* I used the buffer to copy other stuff? Surely it
was supposed to be completely forgotten?


Eyal Lebedinsky (eyal at eyal.emu.id.au)

More information about the linux mailing list