Never allow your browser to save your password, and here’s why

One of our lead Ethical Hackers is at a client’s office performing security testing, and notices someone left their computer unattended and unlocked.

We want to see if we can get the password to the client’s portal (in this example we have used Yahoo Mail instead, to maintain our strict confidentiality policy for our clients).

We go to the portal’s login page and see that the browser has already filled in the saved password (masked as dots):

Right-click in the password field and choose “Inspect Element”:

In the highlighted input element, look for the attribute type="password":

Double-click the word password, replace it with text, and press Enter:

Now the password field shows the saved password in plain text, as shown below:

This account is now compromised, and if the user reuses passwords (which many people do) we could also gain access to other accounts that belong to them. Note that no password cracking was needed: an unlocked, unattended computer plus a password saved in the browser was enough. This is a great example of “what not to do” to share in your security awareness training for users.