passifox icon indicating copy to clipboard operation
passifox copied to clipboard

Published 20 hours ago verified publisher icon pfn

Added popup confirmation option

Open vabene1111 opened this issue 7 years ago • 0 comments

Added an option to display a popup inside the browser before the password gets filled in.

Reasons

There have been reported cases of server side bundeling of hidden input fields to trick autofill plugins into filling in userdata. To my knowledge this has mostly been done for ad tracking but could also be used to steal credentials. https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research

Note

You could already confirm autofill per entry by clicking inside keepass but you had to leave the browser, this way is more convenient and no less secure if the user already had Keepass on "allow" and "remember decision"

I had some trouble finding the best place for the little code piece, i think it is a good soulution as is right now but if you prefere some other location just let me know.

vabene1111 avatar Jan 09 '18 18:01 vabene1111