Unencrypted password in local browser storage

Report bugs found in Poker Mavens
MCS
Posts: 2
Joined: Wed Apr 14, 2021 1:12 pm

Unencrypted password in local browser storage

Post by MCS »

Hi,

I just stumbled across my browser's local storage and realized that my PlayerPassword is saved there as plain text, unencrypted. As anyone with access to my browser can easily look up the password, I consider it a minor security issue.

Wouldn't it be possible to replace the password with a server-generated random token?

Kind regards,
Marcus
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: Unencrypted password in local browser storage

Post by Kent Briggs »

MCS wrote: I just stumbled across my browser's local storage and realized that my PlayerPassword is saved there as plain text, unencrypted. As anyone with access to my browser can easily look up the password, I consider it a minor security issue.
Just uncheck the "Remember Password" box and it won't get stored. You'll then have to enter it each time you log in.
MCS wrote: Wouldn't it be possible to replace the password with a server-generated random token?
That random token would have to be stored locally too, especially since you won't be able to memorize it like you would a password.
MCS
Posts: 2
Joined: Wed Apr 14, 2021 1:12 pm

Re: Unencrypted password in local browser storage

Post by MCS »

That token stored locally wouldn't be a problem because of its "random" nature, not being a real password.

I will uncheck the box and teach KeePass to auto-type the login form (as I should have done from the beginning).
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: Unencrypted password in local browser storage

Post by Kent Briggs »

MCS wrote: That token stored locally wouldn't be a problem because of its "random" nature, not being a real password.
If you're storing that random token somewhere, it's just as vulnerable as a password. When you use a password manager, you're storing them encrypted and then just remembering the manager's password.
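The server-generated token discussed in this thread, sketched as an added example (not code from the thread or from Poker Mavens). All function names, the 30-day lifetime and the in-memory `Map` standing in for a server database are assumptions. It shows both sides of the exchange: whoever holds the token can log in until it expires or is revoked, while the browser never holds the password and the server keeps only a hash of the token.

```javascript
// Added example: hypothetical remember-me token store, not Poker Mavens code.
const crypto = require('crypto');

const TOKEN_TTL_MS = 30 * 24 * 60 * 60 * 1000; // assumed 30-day lifetime
const tokens = new Map(); // sha256(token) -> { player, expires }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Called after a successful password login with "Remember" checked.
// The returned value is what the browser would keep in local storage.
function issueToken(player, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex'); // 256 random bits
  tokens.set(sha256(token), { player, expires: now + TOKEN_TTL_MS });
  return token;
}

// Returns the player name for a valid, unexpired token, otherwise null.
function loginWithToken(token, now = Date.now()) {
  const key = sha256(String(token));
  const rec = tokens.get(key);
  if (!rec) return null;
  if (now >= rec.expires) {
    tokens.delete(key); // expired tokens are dropped on first use
    return null;
  }
  return rec.player;
}

// Revoke a single stored token, e.g. for one lost or shared browser.
function revokeToken(token) {
  return tokens.delete(sha256(String(token)));
}

// Revoke every token of a player, e.g. when the password is changed.
function revokeAll(player) {
  let removed = 0;
  for (const [key, rec] of tokens) {
    if (rec.player === player) {
      tokens.delete(key);
      removed++;
    }
  }
  return removed;
}
```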