illmob.org

Google Clear-Text passwords

October 6th, 2008 by admin in Google, News, Password Info, windows

Chrome stores saves passwords in CLEAR TEXT.

1 ] Go to any site that allows you to sign in ex. webmail.pair.com

2 ] Enter your fake username. Enter a false (incorrect) password

3 ] Allow Chrome to save password ( It will prompt below the address bar)

4 ] Close Chrome

5 ] Locate and change directory using the command prompt to the path below

%:\Documents and Settings\%user name%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session ( Path might be different in Vista )

6 ] Note that the “Current Session” file needs to be present in your
“\Application Data\Google\Chrome\User Data\Default\” directory

7 ] Type this command in cmd : find “&secret” “Current Session”

8 ] You can see that its stored in clear text.
example:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\C
hrome\User Data\Default>find “&secret” “Current Session”

---------- CURRENT SESSION
login_username=FakeUser&secretkey=FakePass&x=18&y=8B

Need to secure your usb drive? Click Here!

3 Responses to ' Google Clear-Text passwords '

Subscribe to comments with RSS or TrackBack to ' Google Clear-Text passwords '.

  1. james said,

    on October 6th, 2008 at 12:36 pm

    I call bull – my Current Session file contains no login_username or secretkey


  2. on April 12th, 2010 at 6:17 pm

    […] http://www.whatsmypass.com/google-clear-text-passwords Categories: Security Comments (0) Trackbacks (0) Leave a comment […]

  3. clye said,

    on May 16th, 2011 at 12:16 pm

    you’d think one of the most popular web browsers would have better security, rather than storing passwords in plain text. tsk tsk.

Leave a reply