Closed
Bug 1313699
Opened 8 years ago
Closed 5 years ago
Munged username filled on fidelity.com/401k.com
Categories
(Toolkit :: Password Manager: Site Compatibility, defect, P3)
Toolkit
Password Manager: Site Compatibility
Tracking
()
RESOLVED
FIXED
mozilla68
| Tracking | Status | |
|---|---|---|
| firefox68 | --- | fixed |
People
(Reporter: jidanni, Unassigned)
References
()
Details
(Whiteboard: [fixed by bug 1427624])
User Agent: Mozilla/5.0 (X11; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0 Build ID: 20160925011120 Steps to reproduce: Tried to login to https://www.fidelity.com/ using what was prefilled. Actual results: It said my credentials were wrong. Expected results: Be able to login. Sites like Fidelity are probably using a cookie so that when you visit them later, your username gets pre-filled in. However it is pre-filled in by them with stars **** at the front. The user then types his password, which is remembered by browsers in the combination ****blabla / password. A future third login begins the never ending frustration: Both fields are pre-filled in, but login somehow fails, as probably the stars are being sent to the server instead of the full user name, as now Firefox is filling out both fields or something, The only way for the user to actually login now is for him to retype the his user name.
|
Reporter | |
Updated•8 years ago
|
Component: Untriaged → Security
|
|
Reporter | |
Comment 1•8 years ago
|
||
I also opened https://bugs.chromium.org/p/chromium/issues/detail?id=660396 but I selected "security" which caused the bug to be unviewable to you. Sorry.
|
|
Reporter | |
Comment 2•8 years ago
|
||
OK https://bugs.chromium.org/p/chromium/issues/detail?id=660396 is now viewable.
I see the SSN (username) parameter will not be send if user was not clicked the username box, with Devtools - Network. This is a website issue.
Status: UNCONFIRMED → NEW
Has STR: --- → yes
Component: Security → Password Manager: Site Compatibility
Ever confirmed: true
OS: Unspecified → All
Product: Firefox → Toolkit
Hardware: Unspecified → All
Summary: ****'s remembered instead of username → auto filled username not be sent on fidelity.com
Version: 50 Branch → unspecified
|
||
Comment 4•7 years ago
|
||
We just received another report about this on webcompat.com. Regardless of it being site error, it seems that something in Chrome 55.0.2883.87 corrected the issue on their end. Shall we find out what that was and adopt something similar?
Flags: needinfo?(MattN+bmo)
See Also: → https://webcompat.com/issues/10098
|
||
Comment 5•7 years ago
|
||
Password manager isn't being actively worked on at the moment so it wouldn't be a high priority to get that info.
Flags: needinfo?(MattN+bmo)
Priority: -- → P3
|
|
||
Updated•5 years ago
|
Summary: auto filled username not be sent on fidelity.com → Munged username filled on fidelity.com/401k.com
|
|
||
Comment 6•5 years ago
|
||
We should no longer save the asterisk since bug 1427624 on Nightly, instead we will leave the username field blank for the user to manually fill (the password can be filled via autocomplete still without the username).
Can you confirm that this working for you in Nightly? https://nightly.mozilla.org/
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox68:
--- → fixed
Flags: needinfo?(wisniewskit)
Flags: needinfo?(jidanni)
Resolution: --- → FIXED
Whiteboard: [fixed by bug 1427624]
Target Milestone: --- → mozilla68
|
|
Reporter | |
Comment 7•5 years ago
|
||
Well I use debian sid so am behind (66), so I will trust you.
Flags: needinfo?(jidanni)
|
||
Comment 8•5 years ago
|
||
I don't personally have an account, so I can't be sure.
Flags: needinfo?(wisniewskit)
You need to log in
before you can comment on or make changes to this bug.
Description
•