maemo.org Bugzilla – Bug 6966
Passwords not being hashed out upon entry
Last modified: 2010-02-04 04:17:40 UTC
You need to
before you can comment on or make changes to this bug.
(Settings > General > About product)
EXACT STEPS LEADING TO PROBLEM:
(Explain in detail what you do (e.g. tap on OK) and what you see (e.g. message
Connection Failed appears))
1. when entering a password or number from drop down boxes, ie for online
banking, the numbers entered are not being hashed out and can still see them.
The purpose of using a drop down down is to stop key logging.
pass words/numbers should be hashed out
not hashed out
(always, less than 1/10, 5/10, 9/10)
EXTRA SOFTWARE INSTALLED:
check out an on line bank login page such as nationwide.co.uk. I believe this
is a high security risk issue which needs attention urgently.
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64;
Trident/4.0; GTB6.3; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR
3.0.30729; Media Center PC 6.0; MDDC)
Confirmed. I'm not sure it's microb's problem as the page doesn't even
validate, but it works as the reporter expects in Firefox 3.5.
(In reply to comment #0)
> EXPECTED OUTCOME:
> pass words/numbers should be hashed out
> ACTUAL OUTCOME:
> not hashed out
Some security researchers are beginning to question the usefulness of password
masking. Just for the debate:
So it turns out that this is the same issue as bug 6598, hence marking as
*** This bug has been marked as a duplicate of bug 6598 ***
Not actually related to bug 6598 afaict, but rather custom script stuff from
The numbers selected in the dropdowns change to * when the dropdown loses focus
on tapping somewhere else (browser ~2010.05) which is slightly later than on
desktop, but fulfills the apparent goal of showing at most one secret character
at once. (There's visibility during selection either way.)