Hacker News new | past | comments | ask | show | jobs | submit login

Can you elaborate? How does it do that? And why would that level of access, even if a website wanted it, even be a feature of a password manager? Genuinely curious.

You're right, I should elaborate. The site causes a normal KeePassXC-Browser popup, "www.dailymaverick.co.za has requested access to passwords for the following item(s). Please select whether you want to allow access."

Then comes the weird stuff. It may not actually be all my passwords, but it sure is a lot of them, the long list ominously beginning with my bank and a mobile payment solutions.

It's probably a bug of some kind. But sure looks scary.

On my way to work, and on phone only for next many hours, so not able to look further into.

Thanks. If I had to guess, I'd say this sounds more like a problem with KeePassXC than the site. I haven't used KeePassXC, but in my experience of these kind of addons, the site is not even involved in making a request for a password, the password manager kicks in when it detects a login prompt and suggest a password based on the URL of the site you've loaded. That's why I was curious how it would be possible for the site to not only initiate this, but demand passwords for other sites.

Please do. The editorial staff seem like a really well intentioned bunch, but of course there could be something nefarious going on.

Or it could all be FUD, spread by MI6 raises eyebrow

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact