There is a security flaw in brave in login saved passwords when we click on reveal it ask for face id ( even when the face id is off ) but when we click on edit it reveals everything without asking face id . Wee need permanent face id lock on log in passwords not on entire browser.
@Sekhon_maninder ,
Thank you for the information. Can reproduce and have opened the following issue for the developers to review and resolve:
opened 06:14PM - 10 Aug 22 UTC
<!-- Have you searched for similar issues on the repository?
Before submitting … this issue, please visit our wiki for common ones: https://github.com/brave/browser-ios/wiki
For more, check out our community site: https://community.brave.app/ -->
### Description:
On iOS, one can view any saved password information by going to `Settings --> Logins and passwords --> Edit`. The behavior here should be the same as when you click `Reveal` on the password, wherein you are prompted to enter your system password, fingerprint or faceID before viewing the password. The `Edit` button seems to bypass this prompt entirely.
### Steps to Reproduce
1. Launch Brave on iOS
2. Go to `Login and passwords`
3. Select a login/password and tap `Edit`
**Actual result:**
Password is revealed and editable.
**Expected result:**
User should be prompted to enter system password/fingerprint/ID before information is revealed and/or editable.
**Reproduces how often:** [Easily reproduced, Intermittent Issue]
Easily/every time
**Brave Version:**
v1.39.111
**Device details:**
iPad/iOS 15.6
### Additional Information
1 Like
system
October 9, 2022, 6:15pm
5
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.