buttercup / buttercup-browser-extension

Buttercup browser extension
https://buttercup.pw
MIT License

Vault password not cleared #396

Closed gerrygralton closed 6 months ago

gerrygralton commented 3 years ago

Hi, I'm pretty sure this is a very serious security flaw and I couldn't see any open issues.

To reproduce:

  1. Use browser plugin
  2. Have multiple vaults
  3. Open one vault with password. Do not close tab.
  4. Lock vault (either timeout or manually)
  5. Go back to open tab and find that correct vault password is already filled in.

I'm using Ubuntu 20.04, Firefox 84.0.2, Buttercup 2.24.1. May exist on other systems.

gerrygralton commented 3 years ago

@perry-mitchell bump. Sorry for bugging you, if I knew anything about js I'd have a go myself.

perry-mitchell commented 3 years ago

You're right, it should close the tab. Thanks!

gerrygralton commented 3 years ago

The tab can't be closed because you might want to open the other vault at the same time. My intuition, without knowing anything about the backend, is that the password field should be cleared once the vault has been opened.
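The reproduction steps and the suggested fix from this thread, as an added example that is not part of the thread and not Buttercup's code. It is a DOM-free model of an unlock form; `UnlockForm`, `makeVault`, `fieldAfterLockCycle` and the password value are hypothetical names and constructed data.

```javascript
// Stand-in for a vault: only tracks locked/unlocked state (constructed for this example).
function makeVault(masterPassword) {
  let locked = true;
  return {
    unlock(pw) {
      const ok = pw === masterPassword;
      if (ok) locked = false;
      return ok;
    },
    lock() { locked = true; },
    isLocked: () => locked,
  };
}

// Models the unlock tab: `password` mirrors the value of the password input.
class UnlockForm {
  constructor(clearOnSubmit) {
    this.clearOnSubmit = clearOnSubmit; // false = behaviour reported in the issue
    this.password = "";
  }
  type(text) { this.password = text; }
  submit(vault) {
    const candidate = this.password;
    try {
      return vault.unlock(candidate);
    } finally {
      // Drop the secret from UI state whether or not the unlock succeeded.
      if (this.clearOnSubmit) this.password = "";
    }
  }
  // Defence in depth: also wipe the field when a lock event reaches the open tab.
  onVaultLocked() {
    if (this.clearOnSubmit) this.password = "";
  }
}

// Steps 3 to 5 of the report: unlock, keep the tab open, lock, look at the field.
function fieldAfterLockCycle(clearOnSubmit) {
  const vault = makeVault("constructed-master-pw");
  const form = new UnlockForm(clearOnSubmit);
  form.type("constructed-master-pw");
  form.submit(vault);
  vault.lock();
  form.onVaultLocked();
  return { locked: vault.isLocked(), field: form.password };
}

console.log("reported behaviour:", fieldAfterLockCycle(false));
console.log("field cleared:     ", fieldAfterLockCycle(true));
```

Resetting the field removes the password from what the open tab displays and resubmits; it does not guarantee that the string is erased from the JavaScript engine's memory.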

perry-mitchell commented 6 months ago

Closing this as the new V3 release renders this issue as either outdated or irrelevant. If you feel this was in error, please don't hesitate to comment. Please note that you should, at the very least, test again in the new release once it's out.