Session Manager Vulnerability: Password Exposure through Type Change

Session Manager Vulnerability: Password Exposure through Type Change

CVE-2016-5260 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.

Learn more about our Web Application Penetration Testing UK.