Password Leak – Version 76.0.3809.132 (Official Build) (64-bit)

When Google Chrome finds a password form field that is rendered as plain text, it will reveal all passwords saved on that primary domain.

For example, take a look at the following code and screenshot:

<input class="form-control secure_password required password fs-hide" data-install-name="secureli" id="ftp_user_pass_new" required="required" aria-required="true" autocomplete="new-password" type="text" name="ftp_user[pass]">

By checking the “Show Password” button, as shown below…

…the auto-complete function in Chrome is activated and clicking on the password field shows a drop-down of all passwords saved on that domain, as shown below:
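To find fields like the one in the markup above in your own templates, the following audit flags inputs that look like credential fields but are served with type="text". It is an added example, not code from the original post; the function names and the name/id/class heuristic are assumptions of this example.

```javascript
// Added example: flag credential inputs that are served unmasked (not type="password").
// The name/id/class hint and the function names are assumptions of this example.
const CREDENTIAL_HINT = /pass|pwd/i;
const CREDENTIAL_AUTOCOMPLETE = new Set(["new-password", "current-password"]);

// Match whole <input> tags, skipping over quoted attribute values.
const INPUT_TAG = /<input\b(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;
const ATTRIBUTE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Turn one <input ...> tag into a map of lower-cased attribute names to values.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, "").replace(/\/?>$/, "");
  for (const m of body.matchAll(ATTRIBUTE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per input that looks like a credential field but is not masked.
function findExposedCredentialInputs(html) {
  const findings = [];
  for (const [tag] of html.matchAll(INPUT_TAG)) {
    const a = parseAttributes(tag);
    const type = (a.type || "text").toLowerCase(); // a missing type defaults to text
    if (type !== "text") continue; // password is masked; other types are out of scope
    const reasons = [];
    const tokens = (a.autocomplete || "").toLowerCase().split(/\s+/);
    if (tokens.some((t) => CREDENTIAL_AUTOCOMPLETE.has(t))) reasons.push("autocomplete");
    for (const key of ["name", "id", "class"]) {
      if (CREDENTIAL_HINT.test(a[key] || "")) reasons.push(key);
    }
    if (reasons.length > 0) findings.push({ id: a.id || null, name: a.name || null, reasons });
  }
  return findings;
}

// First tag is the field from this page; the other two are constructed for contrast.
const SAMPLE_HTML = `
<input class="form-control secure_password required password fs-hide" data-install-name="secureli" id="ftp_user_pass_new" required="required" aria-required="true" autocomplete="new-password" type="text" name="ftp_user[pass]">
<input type="password" name="login[pass]" autocomplete="current-password">
<input type="text" name="search" id="q">
`;

console.log(JSON.stringify(findExposedCredentialInputs(SAMPLE_HTML), null, 2));
```

A static scan only sees the markup as served. A field that a "Show Password" control switches to type="text" at runtime has to be checked in the rendered page after the control is toggled.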