[clug] unusual password retention in browser
Eyal Lebedinsky
eyal at eyal.emu.id.au
Fri Aug 14 04:59:15 UTC 2015
I recently noticed a strange thing, where it seems that my password is retailed after being used.
Here is the simple scenario
- log into my bank with details I have in a file (file-1).
- copy+paste access code
- copy+paste password
- click login
I am in
- I copy+paste some text off the screen into *another* shell running vi (file-2). Works fine
- I now make a service selection asking to get a report as pdf.
- I get the firefox dialogue asking to "open" or "save". I select "save"
- I get the save dialogue (need to select location and file name)
- In the file-2 vi I enter insert mode and click the middle button. I get two lines:
xxxxxxxxxxxxxxxx (my password!)
abc_14Aug2015_023456 (suggested file name)
- WTF???
Who is holding my password? I can only think of firefox, but maybe the bank js?
How was it inserted into the copy buffer *after* I used the buffer to copy other stuff? Surely it
was supposed to be completely forgotten?
TIA
--
Eyal Lebedinsky (eyal at eyal.emu.id.au)
More information about the linux
mailing list