Status: Unconfirmed
Owner: ----
Labels: OS-Linux Area-Misc Size-Medium Type-Bug

New issue 22241 by wonderclown: Passwords saved plaintext and world-readable
http://code.google.com/p/chromium/issues/detail?id=22241

Chrome Version : 4.0.207.0-r25617
OS + version : Debian Lenny (stable)
CPU architecture (32-bit / 64-bit): 32-bit
window manager : wmii
URLs (if applicable) :
Behavior in Firefox 3.x (if applicable):
Behavior in Chrome for Windows (optional):

What steps will reproduce the problem?
1. Enable password saving (enabled by default)
2. Login to a site (e.g., Gmail), allowing Chrome to save the password
3. Have a look at the permissions on "~/Default/Web Data" and its content

What is the expected result?
Passwords should be encrypted, ideally with strong encryption, or at least with weak obfuscation, and the filesystem-level permissions on the sqlite database containing them should be 0600 (i.e., read/write by user only, with no group or world permissions set).

What happens instead?
Passwords are plaintext inside the sqlite database, which has read permissions for group and world (i.e., anybody on the system can read the passwords).

Please provide any additional information below. Attach a screenshot and backtrace if possible.
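A permission audit for the condition reported above, as an added example that is not part of the original report or of Chromium's code: it lists every entry under a profile directory that has any group or world permission bit set, and can clear those bits. The directory is passed as an argument, and the function names are assumptions of this example.

```python
import os
import stat
import sys

GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # 0o077: any group or world bit


def _entries(root):
    """Yield root itself and every file and directory below it."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def audit(root):
    """Return [(path, mode)] for entries with group or world bits set."""
    findings = []
    for path in _entries(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not enforced on Linux
        mode = stat.S_IMODE(st.st_mode)
        if mode & GROUP_OTHER:
            findings.append((path, mode))
    return findings


def tighten(root):
    """Clear group and world bits (0644 -> 0600, 0755 -> 0700)."""
    fixed = []
    for path, mode in audit(root):
        os.chmod(path, mode & ~GROUP_OTHER)
        fixed.append(path)
    return fixed


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: audit_perms.py PROFILE_DIR [--fix]")
    for path, mode in audit(sys.argv[1]):
        print(f"{mode:04o} {path}")
    if "--fix" in sys.argv[2:]:
        tighten(sys.argv[1])
```

Tightening the mode only addresses the filesystem half of the report; the database content stays plaintext to anyone who can read the file as the owning user.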
