Security issue: Protecting passwrods

Hello Brave community,

I just used the password manager and realized it is not secure (to say the least):

In other browsers (e.g. the hated Chrome), you can go to settings and retrieve the passwords that the browser saved when accessing website that are password-protected. However, in order to retrieve these passwords, the browser requires the user to first provide his own password to the computer in order to make sure that the person who is attempting to access the saved passwords is not just someone random.

Today in Brave browser, anyone who walks by my computer can go to settings->Security->Manage passwords and simply copy/paste all my passwords without ever being challenged in any way shape or form.

I find this to be a huge security breach and a real genuine concern.

How can we go about fixing this?

Thank you,
Eyal

1 Like

@Tenebrae Thanks for reporting!

I could not reproduce this issue on Windows 7 x64. The password prompt for my account was shown. Brave Beta v0.55.10.

@Tenebrae It could be OS specific. Could you provide more info?
I need your OS and output from chrome://version

@btlechowski, I believe @Tenebrae is mentioned about password manager for the current Brave stable (0.24.0). :slightly_smiling_face:

1 Like

Hello @btlechowski

Just to emphasize, the issue is in Brave browser, not in chrome browser or in my google account settings. In Brave, when I go to Settings->Security->Manage passwords I am free to copy/paste previously saved passwords without being challenged with my computer’s password.

I’m running windows 10 Enterprise edition
Processor: Intel Core i7-8600U CPU @ 2.80GHz 2.90 GHz
System type: 64-bit OS, x64-based processor

Brave information:
Brave: 0.24.0
V8: 6.9.427.23
rev: f657f15bf7e0e0c50a2b854c6b05edb59bfc556c
Muon: 8.1.6
OS Release: 10.0.16299
Update Channel: Release
OS Architecture: x64
OS Platform: Microsoft Windows
Node.js: 7.9.0
Brave Sync: v1.4.2
libchromiumcontent: 69.0.3497.100

When I type chrome://version in Brave, I get an error page.
I tried to attach some screenshots to this message but I’m an underprivileged new user :frowning:

LMK if you need more info,
/E/

@Tenebrae

We are working on a new browser version which will replace 0.24.0.
It has passwords protected.

You can check the beta version here: Download Brave Beta | Brave Browser

1 Like

Thanks for your reply.
When is the GA release of the new version planned for?

/E/