Closed Bug 1748065 Opened 2 years ago Closed 1 year ago

Do not leak password length when password is concealed

Categories

(Firefox :: about:logins, enhancement, P3)

enhancement

Tracking

()

VERIFIED FIXED
111 Branch
Tracking Status
firefox111 --- verified
firefox112 --- verified

People

(Reporter: serg, Assigned: serg)

References

(Depends on 2 open bugs, Blocks 1 open bug)

Details

(Whiteboard: [fxcm-bugs-2023])

Attachments

(1 file)

Currently we show *** for password when viewing a login and number of * leaks password length.

For login viewing we should always display fixed number of * for concealed password.

Assignee: nobody → sgalich
Severity: -- → S2
Priority: -- → P2
Attachment #9257233 - Attachment description: Bug 1748065 - Do not leak password length when password is concealed. r=tgiles,dimi? → Bug 1748065 - Do not leak password length when password is concealed. r=tgiles,dimi
Attachment #9257233 - Attachment description: Bug 1748065 - Do not leak password length when password is concealed. r=tgiles,dimi → Bug 1748065 - Do not leak password length when password is concealed. r=tgiles!,dimi!
Blocks: 952869
Pushed by sgalich@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/773233d22a37
Do not leak password length when password is concealed. r=tgiles

Backed out changeset 773233d22a37 (Bug 1748065) for causing bc test failures on browser_updateLogin.js.
Backout link
Push with failures
Failure Log
also on OS X - bc4

Flags: needinfo?(sgalich)
Flags: needinfo?(sgalich)
See Also: → 1749612
Depends on: 1743046
Depends on: 1750072
See Also: → 1753116

Hello Sergey Galich,I am interested in working on this bug. I request you to assign me for this bug.

Flags: needinfo?(sgalich)
Flags: needinfo?(sgalich)

Ritika, sorry for the late reply. This bug already got a patch, but it must wait until "Depends on" bugs are resolved.

Priority: P2 → P3
Whiteboard: [fxcm-bugs-2023]
Attachment #9257233 - Attachment description: Bug 1748065 - Do not leak password length when password is concealed. r=tgiles!,dimi! → Bug 1748065 - Do not leak password length when password is concealed. r=#credential-management-reviewers
Pushed by sgalich@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5692bc6731f3
Do not leak password length when password is concealed. r=credential-management-reviewers,dimi
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
QA Whiteboard: [qa-111b-p2]

I confirm this enhancement is implemented on Firefox 111.0b5(build ID: 20230223185944) and Nightly 112.0a1(build ID: 20230224092408) on macOS 12, Windows 11, Ubuntu 22.

Status: RESOLVED → VERIFIED
QA Whiteboard: [qa-111b-p2]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: