Internet Explorer on Windows Phone 8.1 has a security flaw, and it's kinda serious

Reading time icon 2 min. read

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more


Windows Phone 8.1’s default web browser, Internet Explorer has a pretty serious security flaw. The browser always masks password fields on web pages with asterisks – for example, if your password is “banter123” and you type in the password on a password field, the browser will display “********”. Now, if you copy and paste the password somewhere else, it won’t reveal the password – that means it will still display ********.

However, a user has discovered a new security flaw on Internet Explorer which reveals the inputs from a password field. If you type a password in a password field and search it using the dedicated button, it will open Bing Search or Cortana and reveal the password. If you want to test this security flaw on your Windows Phone 8.1, follow this steps:

  • Input a dummy password into a password field on any web page
  • Select the password and Search
  • …and you’ll see that the password gets revealed

It’s worth mentioning that Microsoft has fixed this issue on Windows Mobile 10 aka Windows 10 for Phones. However, we’re not sure if Microsoft will fix this issue for Windows Phone 8.1 users. Nonetheless, we’ll make sure to keep our readers updated with the latest info on this topic.

More about the topics: bug, internet explorer, microsoft, security

Leave a Reply

Your email address will not be published. Required fields are marked *