Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Newcomers » Newcomers » Eclipse swt text as password field expose password in dump file.(Ecilpse swt text used as password field expose the password in java dump file)
Eclipse swt text as password field expose password in dump file. [message #1830893] Thu, 06 August 2020 05:34 Go to next message
Ajit Kumar is currently offline Ajit KumarFriend
Messages: 1
Registered: August 2020
Junior Member
Hi Eclipse SWT Community,

We are using swt Text component
new Text(c1_servertabcomp, SWT.BORDER | SWT.PASSWORD); for the password field. I see when we run the application and take a java dump in administrator mode then i can see the password is appearing in the plain text.
Please provide your suggestion to fix the issue.

Step to reproduce the issues.
Step1: Run java application.
Step2: Now open the task manager with Admin mode and right click on the running process of the application i.e. "javaw.exe" and right click and create a dump file.
Step3: Download and Install Winhex memory analysis tool from the internet and then navigate to the location of the dump file and open the file in winhex memory analysis tool.
Step4: Now press Ctrl+F and search for the username and password in the file and one can observe that the username and password are stored as clear text in the memory which confirms the vulnerability.

Report message to a moderator

Re: Eclipse swt text as password field expose password in dump file. [message #1830923 is a reply to message #1830893] Thu, 06 August 2020 17:36 Go to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 31702
Registered: July 2009
Senior Member
Of course if someone can inspect files on your file system and even force processes to dump their contents, passwords in those processes might become visible. But how is this a vulnerability? Is some hacker can inspect the memory of your running processes as admin or read arbitrary files on your file system into which you artificially dumped memory , you have a much bigger problem on your hands than this one.

Don't expect anyone to "fix" this.

Ed Merks
Professional Support: https://www.macromodeling.com/

Report message to a moderator

Previous Topic:How do I install a bare bones Eclipse the first time?
Next Topic:Facing Issue in Opening Eclipse
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Jan 19 15:24:40 GMT 2021

Powered by FUDForum. Page generated in 0.02800 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly