Aren't passwords written in inputbox vulnerable through a stack trace ?

Posted by loursonwinny on Stack Overflow See other posts from Stack Overflow or by loursonwinny
Published on 2010-05-07T10:31:18Z Indexed on 2010/05/07 10:38 UTC
Read the original article Hit count: 214

Filed under:

password

|

vulnerability

Hello,
I am not a guru of the stack tracing, at all. I even don't know how to get some. Anyway, I am wondering if entering a password entered in an inputbox is safe. Can't it be retrieved by getting a stack trace ?
A password entered that way will be found in many places :

Caption property of the TEdit
Result of the function which creates the inputbox
probably, a variable that stores the Result of the InputBox Command
etc...

If the answer is "yes, it is a vulnerability", then my world collapses :p. What can be done to avoid that vulnerability hole ?

NOTE : The InputBox is an example but it can be with a "homebrewed" login prompt.
InputBox is a Delphi command but I haven't tagged the question with the Delphi tag because I suppose that the question concerns any language.

Thanks for reading

© Stack Overflow or respective owner

Related posts about password

remember password is not filling the password field automatically

as seen on Stack Overflow - Search for 'Stack Overflow'
IE is not filling the password field automatically when i click on the bookmarked url. But it's working on firefix,chrome etc. I tried with autocomplete="on" but no use. IE will fill the password only When i select a usename from the possible user names which the browser had kept for each login.… >>> More
Lost shell password: change user password from root

as seen on Super User - Search for 'Super User'
Hi. I recently accidentally forgot my user password to my shell. I know the root password. How do I change the user password? I figure it's something like $su root $passwd -[something] username but I can't get it to work. Halp pls? >>> More
[GEEK SCHOOL] Network Security 1: Securing User Accounts and Passwords in Windows

as seen on How to geek - Search for 'How to geek'
This How-To Geek School class is intended for people who want to learn more about security when using Windows operating systems. You will learn many principles that will help you have a more secure computing experience and will get the chance to use all the important security tools and features that… >>> More
Membership Generate Password alphanumeric only password?

as seen on Stack Overflow - Search for 'Stack Overflow'
How can I use Membership.GeneratePassword to return a password that ONLY contains alpha or numeric characters? The default method will only guarantee a minimum and not a maximum number of non alphanumeric passwords. I have the solution already but thought I'd share for future visitors. .. Answer… >>> More
Password Recovery without sending password via email

as seen on Stack Overflow - Search for 'Stack Overflow'
So, I've been playing with asp:PasswordRecovery and discovered I really don't like it, for several reasons: 1) Alice's password can be reset even without having access to Alice's email. A security question for password resets mitigates this, but does not really satisfy me. 2) Alice's new password… >>> More

Related posts about vulnerability

Display particular data into a file

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I'm new to Ubuntu and have been using it for a couple of weeks now. Recently I encountered a problem where in I had to display a particular data on to a file. Here is the output displayed on the terminal. Potential vulnerability found (CVE-2009-4028) CVSS Score is 6.8 Full vulnerability match… >>> More
Multiple vulnerabilities in Oracle Java Web Console

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2007-5333 Information Exposure vulnerability 5.0 Apache Tomcat Solaris 10 SPARC: 147673-04 X86: 147674-04 CVE-2007-5342 Permissions, Privileges, and Access Controls vulnerability 6.4 CVE-2007-6286 Request… >>> More
Multiple vulnerabilities in Firefox

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-1960 Information Exposure vulnerability 5.0 Firefox Solaris 10 SPARC: 145080-12 X86: 145081-11 CVE-2012-1970 Denial of Service (DoS) vulnerability 10.0 CVE-2012-1971 Denial of Service (DoS) vulnerability 9.3 CVE-2012-1972… >>> More
Multiple vulnerabilities in Thunderbird

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-1948 Denial of service (DoS) vulnerability 9.3 Thunderbird Solaris 10 SPARC: 145200-12 X86: 145201-12 CVE-2012-1950 Address spoofing vulnerability 6.4 CVE-2012-1951 Resource Management Errors vulnerability 10… >>> More
Multiple vulnerabilities in Firefox

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-3982 Denial of service (DoS) vulnerability 10.0 Firefox Solaris 10 SPARC: 145080-13 X86: 145081-12 CVE-2012-3983 Denial of service (DoS) vulnerability 10.0 CVE-2012-3986 Permissions, Privileges, and Access… >>> More