Google Chrome Domain Authentication and Clear Text Passwords in the HTTP Header

Google Chrome Domain Authentication and Clear Text Passwords in the HTTP Header

In an answer to Windows Authentication with Google Chrome it is indicated that Chrome does not yet support Auto NTLM Authentication which means that users authenticating to sites using Windows Authentication are prompted for a login. Which is annoying but not a problem. Where the problem resides is that the users password is then sent in clear text to the authenticating site.

Asked by: Guest | Views: 306

Total answers/comments: 2

Comments display order:

Guest [Entry]

NTLM is currently being ported to Chrome. See this. Just wait for the next version.

Guest [Entry]

"In reply to your comment on bdonlan's answer:

I am guessing I won't be able to see the authentication because the site I am running against is using SSL.

The burp proxy tool allows watching (and even modifying) HTTP requests and responses, and it can act as a HTTPS proxy too. (It may or may not work, depending on how Chrome uses HTTPS proxies.)"