The Firefox password manager vulnerability

Posted Dec 12, 2007 22:27 UTC (Wed) by riches2rags (guest, #49525)
In reply to: The Firefox password manager vulnerability by johnkarp
Parent article: The Firefox password manager vulnerability

Bear in mind that if the user has been brought to a "poser" web site, no password manager
client-side bug is gonna matter if he/she is clicking "OK" anyway. The data has been
deliberately sent (i.e. exposed). The client-maintained list is not, in and of itself,
compromised. The hidden form field phishing is a bit less culpable for the client. Simplest
solution might be to add a "paranoia" setting to the PM that presents a DB exposing the FQDN
about to receive the sensitive submission asking "Are you sure this is a valid authentication
request?" <continue> <cancel>
The onus is on the user to double check the validity of the transaction one last time.
IMHO, any truly sensitive authentication should be using encrypted transmission with mutual
trust verification anyway, or the user should seriously consider doing business elsewhere.


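The "paranoia" check suggested in the comment above, sketched as an added example that is not part of the original post and is not Firefox code. The function name, the `paranoid` flag and the sample URLs are all assumptions made for illustration; the example also goes slightly beyond the comment by flagging host mismatches and unencrypted targets even when the paranoia setting is off.

```javascript
// Added illustration, not Firefox's password manager code.
// checkSubmission, its parameters and the result shape are hypothetical.
// It resolves the host that will actually receive a form submission and
// decides whether the user should be asked to confirm before credentials go out.
function checkSubmission(pageUrl, formAction, savedOrigin, paranoid) {
  // An empty or missing action means the form posts back to the page itself;
  // relative actions are resolved against the page URL, as a browser would.
  const target = new URL(formAction || pageUrl, pageUrl);
  const page = new URL(pageUrl);
  const saved = new URL(savedOrigin);
  const reasons = [];

  if (target.protocol !== "https:") {
    reasons.push("credentials would be sent without encryption");
  }
  if (target.hostname !== saved.hostname) {
    reasons.push("receiving host differs from the host the login was saved for");
  }
  if (target.hostname !== page.hostname) {
    reasons.push("form posts to a different host than the page displaying it");
  }

  return {
    fqdn: target.hostname,
    // With the paranoia setting on, always ask; otherwise ask only on a finding.
    prompt: Boolean(paranoid) || reasons.length > 0,
    reasons,
    message:
      `Credentials saved for ${saved.hostname} are about to be sent to ` +
      `${target.hostname}. Are you sure this is a valid authentication request?`,
  };
}

// Constructed sample inputs (example.* hosts are placeholders).
const samples = [
  ["https://bank.example/login", "/session", "https://bank.example"],
  ["https://bank.example/profile", "https://collector.example/grab", "https://bank.example"],
  ["http://forum.example/", "", "http://forum.example"],
];
for (const [page, action, saved] of samples) {
  const r = checkSubmission(page, action, saved, false);
  console.log(r.fqdn, r.prompt ? "PROMPT" : "ok", r.reasons);
}
```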


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds