Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional Password-protection to private key reveal from Account screen #24322

Closed
josheleonard opened this issue Jul 28, 2022 · 2 comments · Fixed by brave/brave-core#14390
Closed

Add additional Password-protection to private key reveal from Account screen #24322

josheleonard opened this issue Jul 28, 2022 · 2 comments · Fixed by brave/brave-core#14390
Assignees
@josheleonard
Labels
feature/web3/wallet Integrating Ethereum+ wallet support front-end-change This task is a front end task and doesn't need any C++ changes OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include security
Milestone
1.44.x - Release

Comments

@josheleonard
Copy link

Description

To increase the overall security, revealing a private key from the account screen should require re-entering the wallet password

Steps to Reproduce

  1. Unlock the Brave wallet
  2. Navigate to Accounts -> Select Account1 -> Account details -> Private Key -> Show key

Actual result:

Key is revealed without additional credential check

Expected result:

User is prompted to enter their password before they can click the "Show key" button
@josheleonard josheleonard self-assigned this Jul 28, 2022
@josheleonard josheleonard mentioned this issue Jul 28, 2022
Merged
25 tasks
@josheleonard josheleonard added QA/Yes release-notes/include front-end-change This task is a front end task and doesn't need any C++ changes feature/web3/wallet Integrating Ethereum+ wallet support labels Jul 28, 2022
@brave-builds brave-builds added this to the 1.44.x - Nightly milestone Aug 1, 2022
@StephenHeaps StephenHeaps mentioned this issue Aug 17, 2022
Closed
@srirambv
Copy link
Contributor

Verification passed on

Brave 1.44.83 Chromium: 105.0.5195.102 (Official Build) beta (64-bit)
Revision 4c16f5ffcc2da70ee2600d5db77bed423ac03a5a-refs/branch-heads/5195_55@{#4}
OS Linux
  • Verified steps from brave/brave-core#14390
  • Verified password is requested before showing private key
  • Verified Show Key buttons is disabled when no input is given
  • Verified Show Key button is disabled when wrong password is entered
  • Verified Show Key changes to Hide Key when correct password is entered to reveal the private key
Enter Password Show Key enabled for password Invalid Password Hide Key
image image image image

Verification passed on

Brave 1.44.83 Chromium: 105.0.5195.102 (Official Build) beta (64-bit)
Revision 4c16f5ffcc2da70ee2600d5db77bed423ac03a5a-refs/branch-heads/5195_55@{#4}
OS Windows 11 Version 21H2 (Build 22000.795)
  • Verified steps from brave/brave-core#14390
  • Verified password is requested before showing private key
  • Verified Show Key buttons is disabled when no input is given
  • Verified Show Key button is disabled when wrong password is entered
  • Verified Show Key changes to Hide Key when correct password is entered to reveal the private key
Enter Password Show Key enabled for password Invalid Password Hide Key

Verification passed on

Brave 1.44.79 Chromium: 105.0.5195.102 (Official Build) beta (arm64)
Revision 4c16f5ffcc2da70ee2600d5db77bed423ac03a5a-refs/branch-heads/5195_55@{#4}
OS macOS Version 12.4 (Build 21F79)
  • Verified steps from brave/brave-core#14390
  • Verified password is requested before showing private key
  • Verified Show Key buttons is disabled when no input is given
  • Verified Show Key button is disabled when wrong password is entered
  • Verified Show Key changes to Hide Key when correct password is entered to reveal the private key
Enter Password Show Key enabled for password Invalid Password Hide Key
image image image image

@kjozwiak kjozwiak mentioned this issue Sep 27, 2022
Closed
@aranyakax
Copy link

aranyakax commented Sep 29, 2022
edited
Loading

Under "Enter Password", it should say, "Enter wallet password" instead of, "Enter new password".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@josheleonard josheleonard

Labels
feature/web3/wallet Integrating Ethereum+ wallet support front-end-change This task is a front end task and doesn't need any C++ changes OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include security
Projects
Web3
Archived in project
Milestone
1.44.x - Release
Development

Successfully merging a pull request may close this issue.

fix: password-protect account private key reveal brave/brave-core
4 participants
@srirambv @josheleonard @brave-builds @aranyakax