Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional Password-protection for Wallet Backup Seed reveal #24534

Closed
josheleonard opened this issue Aug 8, 2022 · 2 comments · Fixed by brave/brave-core#14541
Closed

Add additional Password-protection for Wallet Backup Seed reveal #24534

josheleonard opened this issue Aug 8, 2022 · 2 comments · Fixed by brave/brave-core#14541
Assignees
@josheleonard
Labels
feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include security
Milestone
1.45.x - Release

Comments

@josheleonard
Copy link

Description

To increase the overall security, revealing the Brave Wallet backup seed phrase from should require re-entering the wallet password

Steps to Reproduce

  1. Unlock the Brave wallet
  2. Navigate to Portfolio Screen -> Click the "..." icon -> Select "Back up Now" -> Agree to Terms -> Continue

Actual result:

Seed is revealed without additional credential check

Expected result:

User is prompted to enter their password before they can click the "continue" button
@josheleonard josheleonard self-assigned this Aug 8, 2022
@josheleonard josheleonard changed the title Add additional Password-protection for Wallet Backup Add additional Password-protection for Wallet Backup Seed reveal Aug 9, 2022
@josheleonard josheleonard mentioned this issue Aug 9, 2022
Merged
25 tasks
@diracdeltas
Copy link
Member

@josheleonard is this from the doyensec audit?

@StephenHeaps StephenHeaps mentioned this issue Aug 17, 2022
Closed
@brave-builds brave-builds added this to the 1.45.x - Nightly milestone Aug 24, 2022
@LaurenWags LaurenWags added the feature/web3/wallet Integrating Ethereum+ wallet support label Sep 28, 2022
@srirambv
Copy link
Contributor

srirambv commented Oct 7, 2022

Verification passed on

Brave 1.45.88 Chromium: 106.0.5249.91 (Official Build) beta (64-bit)
Revision fa96d5f07b1177d1bf5009f647a5b8c629762157-refs/branch-heads/5249@{#707}
OS Linux
  • Verified steps from brave/brave-core#14541
  • Verified additional password-protection is shown before revealing Backup Seed words
24534.mp4

Verification passed on

Brave 1.45.88 Chromium: 106.0.5249.91 (Official Build) beta (64-bit)
Revision fa96d5f07b1177d1bf5009f647a5b8c629762157-refs/branch-heads/5249@{#707}
OS Windows 11 Version 21H2 (Build 22000.978)
  • Verified steps from brave/brave-core#14541
  • Verified additional password-protection is shown before revealing Backup Seed words
24534.mp4

Verification passed on

Brave 1.45.88 Chromium: 106.0.5249.91 (Official Build) beta (arm64)
Revision fa96d5f07b1177d1bf5009f647a5b8c629762157-refs/branch-heads/5249@{#707}
OS macOS Version 12.4 (Build 21F79)
  • Verified steps from brave/brave-core#14541
  • Verified additional password-protection is shown before revealing Backup Seed words
24534.mov

@LaurenWags LaurenWags mentioned this issue Oct 24, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@josheleonard josheleonard

Labels
feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include security
Projects
Web3
Archived in project
Milestone
1.45.x - Release
Development

Successfully merging a pull request may close this issue.

fix: pw protect seed during backup after on-board brave/brave-core
5 participants
@diracdeltas @srirambv @LaurenWags @josheleonard @brave-builds