Tooltips appear and could leak information

clarkio / azure-mask

A browser extension (Chromium, Firefox) that toggles concealment of sensitive information found in the Azure Portal web page such as Subscription Id's

MIT License

275 stars 60 forks source link

Tooltips appear and could leak information #48

Open corbob opened 5 years ago

corbob commented 5 years ago

The masking is good, but there are a number of parts of the portal where you could mouse over the obscured text and Azure dutifully discloses the obscured portion through a tooltip.

Everywhere that I've had a subscription ID it has appeared there, it also appears in the top right corner where your profile information is.

clarkio commented 5 years ago

Could you share some example(s) of the other tooltip areas that you're seeing expose the information?

For my own tracking purposes, I believe this is a related issue but limited to just the top right corner profile information: https://github.com/clarkio/azure-mask/issues/29

corbob commented 5 years ago

It does look very much related. Some examples are in the Subscriptions Section: