Google Clear-Text passwords

October 6th, 2008 by admin in Google, News, Password Info, windows

Chrome stores saves passwords in CLEAR TEXT.

1 ] Go to any site that allows you to sign in ex.

2 ] Enter your fake username. Enter a false (incorrect) password

3 ] Allow Chrome to save password ( It will prompt below the address bar)

4 ] Close Chrome

5 ] Locate and change directory using the command prompt to the path below

%:\Documents and Settings\%user name%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session ( Path might be different in Vista )

6 ] Note that the “Current Session” file needs to be present in your
“\Application Data\Google\Chrome\User Data\Default\” directory

7 ] Type this command in cmd : find “&secret” “Current Session”

8 ] You can see that its stored in clear text.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\C
hrome\User Data\Default>find “&secret” “Current Session”


Need to secure your usb drive? Click Here!

3 Responses to ' Google Clear-Text passwords '

Subscribe to comments with RSS or TrackBack to ' Google Clear-Text passwords '.

  1. james said,

    on October 6th, 2008 at 12:36 pm

    I call bull – my Current Session file contains no login_username or secretkey

  2. on April 12th, 2010 at 6:17 pm

    […] Categories: Security Comments (0) Trackbacks (0) Leave a comment […]

  3. clye said,

    on May 16th, 2011 at 12:16 pm

    you’d think one of the most popular web browsers would have better security, rather than storing passwords in plain text. tsk tsk.

Leave a reply