Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames

Discussion in 'Tech news' started by silversurfer, Dec 29, 2017.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain.

    This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers, login managers that allow browsers to remember a user's username and password for specific sites and auto-insert it in login fields when the user visits that site again.

    Experts say that web trackers can embed hidden login forms on sites where the tracking scripts are loaded. Because of the way the login managers work, the browser will fill these fields with the user's login information, such as username and passwords.

    Source: https://www.bleepingcomputer.com/ne...in-browser-login-managers-to-steal-usernames/
     
    daljeet and RGiskardR like this.
  2. Google Adsense

Share This Page