Autofill flaw lets scam websites steal internet users' credit card and contact details



Quote

 

As the use of multiple usernames and passwords across different sites becomes common online practice, people increasingly turn to password managers and browser autofill in order to log in. While this is the recommended way to stay safe online, a newly discovered flaw in popular browsers and password managers could let scammers steal sensitive information, a researcher has found. 

 

The flaw affects the autofill function, which saves personal information and automatically pastes it to prevent repetitive typing, on browsers including Google's Chrome and Apple's Safari. It also affects some plugins and add-ons including the LastPass password manager. 

 

When a user starts to input information into a website, such as their name, autofill suggests information to paste into other boxes on the page. Once the user clicks on one of the suggestions the function automatically pastes information into text boxes on the site. 

 

 
 

http://www.telegraph.co.uk/technology/2017/01/10/autofill-flaw-scam-websites-steal-internet-users-credit-card/

 

So you may want to Disable Autofill in your browser, or at a minimum check to see what information it has.


Saw this demoed on Security Now. Really is an excellent CSS 'exploit' that has a lot of potential for bad things. Browsers just need to be changed to do a check to see if the auto-fill field is in the visible bounds of the viewport before filling it.


This topic is now closed to further replies.
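
The visibility check proposed in the reply above, sketched as an added example (not code from the thread or from any browser). Field names, geometry and the viewport size are constructed; in a browser the `rect` and `style` values would come from `getBoundingClientRect()` and `getComputedStyle()`. It goes slightly beyond the viewport test by also treating fields hidden through style as not visible.

```javascript
// Constructed sample: field geometry and style as a browser would report them
// via getBoundingClientRect() and getComputedStyle(). All names are hypothetical.
const VIEWPORT = { width: 1280, height: 720 };
const SAMPLE_FIELDS = [
  { name: "name", rect: { left: 100, top: 200, width: 300, height: 30 }, style: {} },
  { name: "email", rect: { left: 100, top: 250, width: 300, height: 30 }, style: {} },
  // Positioned off-screen with a negative offset
  { name: "cc-number", rect: { left: -500, top: 300, width: 300, height: 30 }, style: {} },
  // On-screen coordinates, but not rendered or fully transparent
  { name: "address", rect: { left: 100, top: 350, width: 0, height: 0 }, style: { display: "none" } },
  { name: "phone", rect: { left: 100, top: 400, width: 300, height: 30 }, style: { opacity: "0" } },
  // Legitimate field below the fold: a strict viewport test withholds it too
  { name: "postal-code", rect: { left: 100, top: 1500, width: 300, height: 30 }, style: {} },
];

// Returns null when the field is visible, otherwise the reason it is not.
function hiddenReason(field, viewport) {
  const { rect, style } = field;
  if (style.display === "none") return "display:none";
  if (style.visibility === "hidden") return "visibility:hidden";
  if (style.opacity !== undefined && parseFloat(style.opacity) === 0) return "opacity:0";
  if (rect.width <= 0 || rect.height <= 0) return "zero-size";
  const right = rect.left + rect.width;
  const bottom = rect.top + rect.height;
  if (right <= 0 || rect.left >= viewport.width) return "outside-viewport-x";
  if (bottom <= 0 || rect.top >= viewport.height) return "outside-viewport-y";
  return null;
}

// Splits fields into those to fill and those to withhold, with the reason.
function planAutofill(fields, viewport) {
  const fill = [];
  const withhold = [];
  for (const field of fields) {
    const reason = hiddenReason(field, viewport);
    if (reason === null) fill.push(field.name);
    else withhold.push({ name: field.name, reason });
  }
  return { fill, withhold };
}

const plan = planAutofill(SAMPLE_FIELDS, VIEWPORT);
console.log("fill:", plan.fill.join(", "));
for (const w of plan.withhold) console.log("withhold:", w.name, "(" + w.reason + ")");
```

The last sample field shows the cost of a strict viewport test: a legitimate field below the fold is withheld until it is scrolled into view.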