Google Clear-Text passwords
Chrome stores saves passwords in CLEAR TEXT.
1 ] Go to any site that allows you to sign in ex. webmail.pair.com
2 ] Enter your fake username. Enter a false (incorrect) password
3 ] Allow Chrome to save password ( It will prompt below the address bar)
4 ] Close Chrome
5 ] Locate and change directory using the command prompt to the path below
%:\Documents and Settings\%user name%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session ( Path might be different in Vista )
6 ] Note that the “Current Session” file needs to be present in your
“\Application Data\Google\Chrome\User Data\Default\” directory
7 ] Type this command in cmd : find “&secret” “Current Session”
8 ] You can see that its stored in clear text.
example:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\C
hrome\User Data\Default>find “&secret” “Current Session”
---------- CURRENT SESSION login_username=FakeUser&secretkey=FakePass&x=18&y=8B
Need to secure your usb drive? Click Here!
on October 6th, 2008 at 12:36 pm
I call bull – my Current Session file contains no login_username or secretkey
on April 12th, 2010 at 6:17 pm
[…] http://www.whatsmypass.com/google-clear-text-passwords Categories: Security Comments (0) Trackbacks (0) Leave a comment […]
on May 16th, 2011 at 12:16 pm
you’d think one of the most popular web browsers would have better security, rather than storing passwords in plain text. tsk tsk.