phpPasswordManager

Tracker: Bugs

9 Security Flaw -- password(s) revealed - ID: 1833201
Last Update: Comment added ( nobody )

After a password is decrypted, it is displayed in the Account View page in
plain HTML. This means the page and, therefore, the password are cached on
the local computer. It would be easy to use a browser's history or even
just the back button to view the password. I believe this is a major
security flaw, but I'm not quite sure how to fix it.


selvirino ( selvirino ) - 2007-11-16 15:20

9

Open

None

Nobody/Anonymous

None

None

Public


Comments ( 3 )




Date: 2009-04-16 16:26
Sender: nobody

Can the browser receive instructions not to cache the page?


Date: 2008-05-29 18:26
Sender: leprasmurf


You can add a meta tag to prevent caching (quick Google search:
http://www.i18nguy.com/markup/metatags.html). Be warned, IE 6 and below do
not handle this well without the update
(http://support.microsoft.com/kb/323308 and
http://support.microsoft.com/default.aspx/kb/937479)


Date: 2008-03-31 09:19
Sender: gingerdog


If the page was served over SSL it would help...
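
Added example (not part of the thread and not phpPasswordManager's code): one way to give the browser the instruction asked about in the comments, by sending Cache-Control: no-store as an HTTP response header from PHP before the Account View page is output, together with a small check for the directive. Function names and the sample header lines are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Headers telling browsers and intermediaries not to keep a copy of the response. */
function no_store_headers(): array
{
    return [
        'Cache-Control' => 'no-store, no-cache, must-revalidate, max-age=0',
        'Pragma'        => 'no-cache', // for HTTP/1.0 caches
        'Expires'       => '0',        // invalid date, treated as already expired
    ];
}

/** Call before any output on the page that prints the decrypted password. */
function send_no_store_headers(): void
{
    if (headers_sent($file, $line)) {
        // Fail closed: a late call would otherwise leave the page cacheable.
        throw new RuntimeException("Output started at $file:$line; headers not set");
    }
    foreach (no_store_headers() as $name => $value) {
        header("$name: $value", true); // replace any earlier header of that name
    }
}

/** Check raw response header lines (e.g. from headers_list()) for a no-store directive. */
function has_no_store(array $headerLines): bool
{
    foreach ($headerLines as $line) {
        [$name, $value] = array_pad(explode(':', $line, 2), 2, '');
        if (strcasecmp(trim($name), 'Cache-Control') !== 0) {
            continue; // only Cache-Control carries the directive
        }
        $directives = array_map('trim', explode(',', strtolower($value)));
        if (in_array('no-store', $directives, true)) {
            return true;
        }
    }
    return false;
}

// Constructed sample header sets, for illustration only.
$before = ['Content-Type: text/html'];
$after  = ['Content-Type: text/html'];
foreach (no_store_headers() as $n => $v) { $after[] = "$n: $v"; }
var_dump(has_no_store($before), has_no_store($after));
```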



Change ( 1 )

Field     Old Value  Date              By
priority  5          2007-11-16 15:21  selvirino