Password shown in cleartext on login prompt in mobile android app
I just noticed that my login credentials can be viewed in cleartext when prompted to login after app update. I don't use any password managers, so I guess the password is stored by the cronometer app?
When I perform a manual logout, the login fields are empty - that should be the default behaviour. This is a major security concern in my opinion. When the app requires a new login, it should not show the stored password in the login prompt.
Phone: Samsung Galaxy A20e
Android 10, Kernel: 4.4.177-20147223
App version: v3.5.9 (b805-AF-s1)
Comments
-
Thanks for reporting this! I've got a bugged logged so we can look into this ASAP.
Karen Stark
cronometer.com
As always, any and all postings here are covered by our T&Cs:
https://forums.cronometer.com/discussion/27/governing-terms-and-disclaimer
