JavaScript to Unmask Password on Web Pages!

Discussion in 'privacy problems' started by aigle, Apr 2, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  2. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    Am I understand this correctly that this can only be exploited from my pc and only if I use some kind of browser password function?
    on the other hand it might be useful if I forget my own password for a site but the inbuilt password manager still functions:D
     
  3. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I'm wondering the same as Beethoven is.

    Am I correct in thinking that this can only happen if you have passwords stored on your computer?

    I always clean out my FF history/privacy/cookies etc. and I don't store passwords within FF.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    That will be a good use of this script. :thumb:
     
  5. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Well it isn't really that much of a revelation I'm afraid.
    For example: when you use the developers toolbar for FireFox, you can enable the option "show passwords", which does pretty much the same.

    Java script is client side (and not server side). This information is only being shown to the user, and that's you.

    Also the script to change the field from 'password' to 'text' is just standard HTML. You could also change the properties of the user name field to 'password', but it doesn't do anything but showing asterisks in stead of alphanumeric characters.

    I don't really sea any security threat posed here to be honest.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks for that info. So it can,t be done on server side?
     
  7. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Well, the properties of the text box could be changed from "password" to "text" but there should ring a bell when you enter your password and you can read it.
    It doesn't effect the sending of the password, eg: it's not less secure.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    That,s good to know.
     
Loading...
Thread Status:
Not open for further replies.