Risky Chrome (The perfect cleartext password offering )

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052514 漏洞类型
发布时间 2008-09-05 更新时间 2008-09-05
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008090015
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 Google Chrome : The perfect password offering ( Tested on pair.com Webmail, might work on 
others as well with Google Chrome 0.2.149.27)
 
Chrome stores saves passwords in CLEAR TEXT.
 
1 ] Goto webmail.pair.com
    Pair Webmail provides https and doesn't have any option on its page to save password.
 
2 ] Enter your username. Enter a false (incorrect) password
 
3 ] Allow Chrome to save password ( It will prompt below the address bar)
 
4 ] Now try again and this time Login user your real credentials
 
5 ] Open a few emails, if possible in a new tab
 
6 ] Sign out and close Chrome
 
7 ] Locate
X:\Documents and Settings\<user name>\Local Settings\Application Data\Google\Chrome\User
Data\Default\Current Session ( Path might be different in Vista )
and change directory using the command prompt to the above path
 
8 ] Note that the "Current Session" file needs to be present in your "\Application
Data\Google\Chrome\User Data\Default\" directory
 
9 ] Fire this command in cmd : find "&secret" "Current Session" (You can use grep as well)
 
10 ] If you have reached till this stage you can see that its stored in clear text.
 
11 ] Screenshot attached  : Chrome_Password_Current_Sessions_ClearText.png
Uh! Cannot attach !!
Contact for a demo video if you can't manage to pull this.
 
-- QUAKERDOOMER