Stored password?

I was checking some settings because I don’t receive anymore the ads and inside the file “Login Data” I found stored passwords (hashed or encrypted?). The bad thing is that I NEVER saved any password in the browser. Why are you saving the password anyhow?

@kikkus,
So if you go to brave://settings/passwords in your browser, you see absolutely nothing? Further, do you have more than one browser profile?

@Mattches these pictures are coming from another pc with only one profile (like the previous picture)

For security reasons, I never saved one single password in the browser.

And also here, in the same file, there are password (?) stored.

@kikkus,

“Another PC”? Apologies but I don’t understand – the first image is from a different PC then the other two images? Can you please clarify what you mean by this?

To me, it appears that passwords are saved in the browser and they do match whats in the SQLite file. But it sounds like you’re saying you never save passwords in the browser. But they’re obviously there and I assume they are also for sites that you use/visit, right? My theories:

  • You are somehow automatically/accidentally saving them in-browser. Do you have any extensions installed in the browser or security software on the PC?
  • Perhaps you imported these passwords at some point from another browser?
  • Did you install Brave and save passwords in-browser for a time, then uninstall only to reinstall later?

It is literally impossible for the browser to save your credentials without being given permission (manual) to do so and even then, it happens for very new login you enter so you would have noticed the prompt by now. So there must be something else at play here.

2 Likes

Ok, I try to explain.

I work in different places and on all the computers, I’m using brave only. Yesterday evening, I was on one computer and I sent the first picture from it. This morning I was working on another pc and I sent the two pictures from this second pc (two computers, two brave installations and the same results).

In all my working positions I never and never saved one single password. All the times I have to log in, before typing the password, I check if there are strange processes or services running, when I finish, I log out and clear the cookies of the website. I leave logged some accounts for the forums and not the important websites, but absolutely I don’t save the password in the browser.

About the extensions, i have only these:

@kikkus,
Do you have Sync enabled on any of your devices?

If you mean this , I never used this function (I dont know what it is).

1 Like

Thank you for confirming. I’m looking into this but can you please reconfirm for me that the passwords you are seeing in the database file actually match your passwords?

@kikkus,
Further, I’m noticing that the screenshot you sent of the passwords page looks strange. If I look at passwords saved in the browser, I see additional elements not seen on your end:
image

In your image, it I don’t see a “view” button (the eye icon) and the “more options” (three dots) button doesn’t seem to be there for you, but instead is an x. Are you actually able to view the stored passwords?

Hello @Mattches

not sure if i got it right or not but i think in that one brave://settings/passwords

i think all the link in his image from the second section which is never saved sites

2 Likes

@justsomeone1,
Great catch you’re absolutely right. That’s my bad. Still digging into this.

4 Likes

@Mattches as I said, I have never saved one password in the browser.

Right – but do the passwords in the database file match your actual passwords/sites where you have a login?

@Mattches The blob inside the field password is not in cleartext. How can I verify if the password matches? If you have some hint, let me know and I’ll try.

@kikkus,
Sorry I wasn’t clear enough – the sites themselves you should be able to read in plaintext. Are the sites listed sites that you actually use/have accounts for?

On this computer I have only these websites, on the others computers, I have many websites where I log daily.

I investigate a little bin on the values stored in the sql. All the blob starts with the string “V10” ( 0x57 0x31 0x30 in hex).

I searched for the the header and found this:

@kikkus,
Sorry for the long wait time – haven’t forgotten about this, still digging.

It’s ok, don’t worry :wink: :+1: :+1: