JavaScript to Unmask Password on Web Pages!

Discussion in 'privacy problems' started by aigle, Apr 2, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    aigle, Apr 2, 2008
    #1
  2. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,390
    Am I understand this correctly that this can only be exploited from my pc and only if I use some kind of browser password function?
    on the other hand it might be useful if I forget my own password for a site but the inbuilt password manager still functions:D
     
    beethoven, Apr 2, 2008
    #2
  3. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I'm wondering the same as Beethoven is.

    Am I correct in thinking that this can only happen if you have passwords stored on your computer?

    I always clean out my FF history/privacy/cookies etc. and I don't store passwords within FF.
     
    Stijnson, Apr 3, 2008
    #3
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    That will be a good use of this script. :thumb:
     
    aigle, Apr 3, 2008
    #4
  5. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Well it isn't really that much of a revelation I'm afraid.
    For example: when you use the developers toolbar for FireFox, you can enable the option "show passwords", which does pretty much the same.

    Java script is client side (and not server side). This information is only being shown to the user, and that's you.

    Also the script to change the field from 'password' to 'text' is just standard HTML. You could also change the properties of the user name field to 'password', but it doesn't do anything but showing asterisks in stead of alphanumeric characters.

    I don't really sea any security threat posed here to be honest.
     
    Eagle Creek, Apr 10, 2008
    #5
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks for that info. So it can,t be done on server side?
     
    aigle, Apr 11, 2008
    #6
  7. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Well, the properties of the text box could be changed from "password" to "text" but there should ring a bell when you enter your password and you can read it.
    It doesn't effect the sending of the password, eg: it's not less secure.
     
    Eagle Creek, Apr 11, 2008
    #7
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    That,s good to know.
     
    aigle, Apr 11, 2008
    #8
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...