search

nextcloud / passman-webextension

Webextension for the Passman Nextcloud app. Also offers browser extension & Android app.
https://passman.cc
GNU Affero General Public License v3.0
114 stars 43 forks source link

Password is displayed in toolbar-text on every page load. #283

Closed beanaroo closed 5 years ago

beanaroo commented 5 years ago

Steps to reproduce

  1. Load a web page where you are logged in.

Expected behaviour

Toolbar should not display passwords (especially in cleartext).

Actual behaviour

Toolbar pops up every time with:

Detected new login: <PASSWORD> at <url>

Password is visible in DOM under <span class="toolbar-text">

Configuration

Operating system: Linux + Windows

Browser: Firefox

Extensions that might cause interference: None

Passman version: 2.2.0 (fix_layout_for_14 branch)

Extension version: 2.1.1

Nextcloud version: 14

screenshot from 2018-10-13 18-16-31

beanaroo commented 5 years ago

After re-installing the extension, toolbar no longer pops up on relevant pages. data is now undefined. I'll close this for now since I have no idea how to reliably reproduce it.