Security bug in Edge password manager

HotCakeX · ‎Oct 18 2020

So in Edge password manager, you took care of this problem by showing a fixed number of stars to prevent unauthorized users from seeing the exact number of characters in each password.

but the problem is, you can still see the total number of password characters when you go to each website.

notice the upper password has 3 characters more and I checked and confirm that the number of stars correctly represent the number of characters in the unmasked password.

and since an attacker can see the websites names in plain text in Edge password manager:

edge://settings/passwords

all they have to do is to go to that website, click on the username/password field to view the exact number of password characters.

using Edge dev Version 87.0.664.8 (Official build) dev (64-bit)

(also sent using feedback button on Edge)

Kam · ‎Oct 18 2020

@HotCakeX Yeah, what can we do?!

HotCakeX · ‎Oct 18 2020

@Kam

I don't see the need to add others, again if i wanted to do that i'd do it myself.

I dont care who drew is or whatever.

jesus.

Kam · ‎Oct 18 2020

‌‌ @HotCakeX I already told you sorry. If you want I'll edit my post.

HotCakeX · ‎Oct 18 2020

@Kam

I don't care dude. it's not worth my time arguing.

I just hate when someone trashes my post that actually has valuable content.

Kam · ‎Oct 18 2020

Yeah I don't care either. Let's just stop arguing.

Security bug in Edge password manager

Security bug in Edge password manager

Re: Security bug in Edge password manager

Re: Security bug in Edge password manager

Re: Security bug in Edge password manager

Re: Security bug in Edge password manager

Re: Security bug in Edge password manager

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Security bug in Edge password manager