Comment #35 on issue 1397 by crocca: Master password is missing http://code.google.com/p/chromium/issues/detail?id=1397
This can be assigned as a security issue for one reason. On office networks, usually the WinXP administrator password is something like 'admin' or 'admin123', or even 'companyname'. In this scenario, for a small cracker in the company, it's easy to mount the default \\computer\C$ share specifying the user COMPUTER\administrator and the default well known password. Mounting the C$ share it's possible to surf to all Application Data and Default Settings in Documents and Settings. It's even possible to copy the files that Chrome stores in that folder and copy to the cracker machine, and execute Chrome with the settings and the passwords of the victim. A master password wouldn't be able to prevent this "steal", but would at least not show the passwords. The master password needs to prevent also from putting it in a web page, cause it's very easy to configure the hosts file to point mail.google.com to localhost, making a small php page that reads username and password and shows after the submit. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-bugs" group. To post to this group, send email to chromium-bugs@googlegroups.com To unsubscribe from this group, send email to chromium-bugs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/chromium-bugs?hl=en -~----------~----~----~----~------~----~------~--~---