Easily accessible password! WTF??!!

Andrey Dubina 8 years ago 0
Why do you have getPassword() and deCryptString() functions?

I can easily get the original password in the browser's JS console:
Aes.Ctr.decrypt(string, PASSPHRASE, 256)
where string = the value of prefs.poweroff.password in the browser's Local Storage,
and PASSPHRASE = "*j12398sdfh4123iud9123" is the encryption key.

So, to get the password, just put this line in the console and hit Enter:
Aes.Ctr.decrypt(fvdSpeedDial.Prefs.get("poweroff.password"), "*j12398sdfh4123iud9123", 256);

e.g. http://joxi.ru/GrqM9DYUvQjVrz
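
For contrast with the reversible scheme described in the post above, here is an added example (not part of the original post and not the extension's own code) that keeps only a salted PBKDF2 verifier under the same preference key, so the stored value cannot be decrypted back to the password. It uses Node's crypto module so it runs offline; the record format, the iteration count, the Map standing in for preference storage and all helper names are assumptions.

```javascript
// Added example: keep only a salted, one-way verifier for the unlock password.
// Loads Node's crypto whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const ITERATIONS = 600000; // assumed work factor; tune for the target devices
const KEY_LEN = 32;        // bytes of PBKDF2-HMAC-SHA256 output kept

function derive(password, salt, iterations) {
  return nodeCrypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, "sha256");
}

// Build the record to store: scheme$iterations$salt$hash (base64 fields).
function makeVerifier(password) {
  const salt = nodeCrypto.randomBytes(16); // fresh per password, never a shared constant
  const hash = derive(String(password), salt, ITERATIONS);
  return ["pbkdf2-sha256", ITERATIONS, salt.toString("base64"),
          hash.toString("base64")].join("$");
}

// True only if `candidate` re-derives to the stored hash; bad records fail closed.
function checkPassword(candidate, record) {
  const parts = String(record).split("$");
  if (parts.length !== 4 || parts[0] !== "pbkdf2-sha256") return false;
  const iterations = Number(parts[1]);
  // Reject nonsense or absurd work factors from a tampered record.
  if (!Number.isInteger(iterations) || iterations < 1 || iterations > 10 * ITERATIONS) {
    return false;
  }
  const salt = Buffer.from(parts[2], "base64");
  const expected = Buffer.from(parts[3], "base64");
  if (expected.length !== KEY_LEN) return false; // timingSafeEqual needs equal lengths
  return nodeCrypto.timingSafeEqual(derive(String(candidate), salt, iterations), expected);
}

// Constructed stand-in for the extension's preference storage.
const prefs = new Map();
function setPoweroffPassword(password) {
  prefs.set("poweroff.password", makeVerifier(password));
}
function unlock(candidate) {
  return prefs.has("poweroff.password") &&
    checkPassword(candidate, prefs.get("poweroff.password"));
}
```

With this layout the code never needs a getPassword() or decrypt path: unlocking only compares a fresh derivation of the typed password against the stored record.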