History :
[2008-09-05] Started

  Affected software :  

Risky Chrome

  Text :  

Google Chrome : The perfect password offering ( Tested on pair.com
Webmail, might work on
others as well with Google Chrome 0.2.149.27)

Chrome stores saves passwords in CLEAR TEXT.

1 ] Goto webmail.pair.com
Pair Webmail provides https and doesn't have any option on its page to
save password.

2 ] Enter your username. Enter a false (incorrect) password

3 ] Allow Chrome to save password ( It will prompt below the address bar)

4 ] Now try again and this time Login user your real credentials

5 ] Open a few emails, if possible in a new tab

6 ] Sign out and close Chrome

7 ] Locate
X:\Documents and Settings\<user name>\Local Settings\Application
Data\Google\Chrome\User
Data\Default\Current Session ( Path might be different in Vista )
and change directory using the command prompt to the above path

8 ] Note that the "Current Session" file needs to be present in
your "\Application
Data\Google\Chrome\User Data\Default\" directory

9 ] Fire this command in cmd : find "&secret" "Current
Session" (You can use grep as well)

10 ] If you have reached till this stage you can see that its stored in
clear text.

11 ] Screenshot attached : Chrome_Password_Current_Sessions_ClearText.png
Uh! Cannot attach !!
Contact for a demo video if you can't manage to pull this.

-- QUAKERDOOMER

  References :  

http://seclists.org/bugtraq/2008/Sep/0065.html