subignition
@subignition@fedia.io
- Comment on From Lab to Field Testing of Millimeter Wave Drilling 3 days ago:
This reeks of manufactured engagement.
- Comment on Major password managers can leak logins in clickjacking attacks 3 days ago:
I think I meant to reply to the user who was talking about KeePass. If you have brought the user to a malicious page, you can already just impersonate the login form, and something like KeePass that doesn't offer to autofill passwords will be none the wiser (because the user initiates the paste / autotype).
In the XSS case, I think this would be occurring on a page the user trusts but has been compromised by an external script (via an ad or other means). If it's at a domain the user has saved credentials for, odds are high it's a login page, but I think you're right that an attacker could probably add their own input field to provoke the password manager overlay, with an innocuous-looking fake captcha or cookie banner over it.
- Comment on Major password managers can leak logins in clickjacking attacks 3 days ago:
Yes, I read the article.
- Comment on Major password managers can leak logins in clickjacking attacks 3 days ago:
This is somewhat clever, but if you're phished into attempting to log in on a malicious page, you've already lost.