Skip to main content



      Home
Home » Newcomers » Newcomers » Eclipse swt text as password field expose password in dump file.(Ecilpse swt text used as password field expose the password in java dump file)
Eclipse swt text as password field expose password in dump file. [message #1830893] Thu, 06 August 2020 01:34 Go to next message
Eclipse UserFriend
Hi Eclipse SWT Community,

We are using swt Text component
new Text(c1_servertabcomp, SWT.BORDER | SWT.PASSWORD); for the password field. I see when we run the application and take a java dump in administrator mode then i can see the password is appearing in the plain text.
Please provide your suggestion to fix the issue.

Step to reproduce the issues.
Step1: Run java application.
Step2: Now open the task manager with Admin mode and right click on the running process of the application i.e. "javaw.exe" and right click and create a dump file.
Step3: Download and Install Winhex memory analysis tool from the internet and then navigate to the location of the dump file and open the file in winhex memory analysis tool.
Step4: Now press Ctrl+F and search for the username and password in the file and one can observe that the username and password are stored as clear text in the memory which confirms the vulnerability.
Re: Eclipse swt text as password field expose password in dump file. [message #1830923 is a reply to message #1830893] Thu, 06 August 2020 13:36 Go to previous message
Eclipse UserFriend
Of course if someone can inspect files on your file system and even force processes to dump their contents, passwords in those processes might become visible. But how is this a vulnerability? Is some hacker can inspect the memory of your running processes as admin or read arbitrary files on your file system into which you artificially dumped memory , you have a much bigger problem on your hands than this one.

Don't expect anyone to "fix" this.
Previous Topic:How do I install a bare bones Eclipse the first time?
Next Topic:Facing Issue in Opening Eclipse
Goto Forum:
  


Current Time: Sat Jul 05 04:33:17 EDT 2025

Powered by FUDForum. Page generated in 0.07722 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top