Aren't passwords written in inputbox vulnerable through a stack trace ?

Posted by loursonwinny on Stack Overflow See other posts from Stack Overflow or by loursonwinny
Published on 2010-05-07T10:31:18Z Indexed on 2010/05/07 10:38 UTC
Read the original article Hit count: 217

Filed under:
|

Hello,
I am not a guru of the stack tracing, at all. I even don't know how to get some. Anyway, I am wondering if entering a password entered in an inputbox is safe. Can't it be retrieved by getting a stack trace ?
A password entered that way will be found in many places :

  • Caption property of the TEdit
  • Result of the function which creates the inputbox
  • probably, a variable that stores the Result of the InputBox Command
  • etc...

If the answer is "yes, it is a vulnerability", then my world collapses :p. What can be done to avoid that vulnerability hole ?

NOTE : The InputBox is an example but it can be with a "homebrewed" login prompt.
InputBox is a Delphi command but I haven't tagged the question with the Delphi tag because I suppose that the question concerns any language.

Thanks for reading

© Stack Overflow or respective owner

Related posts about password

Related posts about vulnerability