Open Bug 1334217 Opened 8 years ago Updated 3 years ago

Password incorrectly detected as username on mycochlear.com

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P3)

Product:
Toolkit
Component:
Password Manager: Site Compatibility
Version:
50 Branch
Platform:
x86_64
Windows 7
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: robertmstow, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Build ID: 20161208153507 Steps to reproduce: A web site (https://store.mycochlear.com/store/index.php/cab2c/) required "special characters" in my new password so I used the @ character in my password. 1.) Steps: enter new password on the web site username = my_email_address@gmail.com password = Alpha@Beta_Delta 2.) Firefox asks if I want to save this login information: username = Alpha@Beta_Delta password = Alpha@Beta_Delta 3.) Manually corrected the username information by typing it in FireFox's little remember this logon dialog box. 4.) Next time I go to the Cochlear store FireFox correctly autofills my username and password ... but because my password contains the @ character FireFox prompts my to save my "changed" logon information with my password AGAIN displayed in the username field. Actual results: Mozilla continues to think my password is my username. Expected results: Mozilla should have paid attention to the labels on the login form - UserName and Password - to determine which is field is the username and which is the password. The presence of the @ character in my password should have played no role whatsoever. And by displaying my password in plain text in the username field Mozilla is also showing it to anyone who happens to be looking over my shoulder.
OS: Unspecified → Windows 7
Hardware: Unspecified → x86_64
Component: Untriaged → Password Manager
Product: Firefox → Toolkit
URL: https://store.mycochlear.com/store/in...
Component: Password Manager → Password Manager: Site Compatibility
Priority: -- → P3

FWIW, this bug still happens with the web site I initially reported. Both my Windows version and FireFox version have changed in the meantime: I am now on Win10 Pro with FireFox 64.0.2.

However, when I was required a few minutes ago to create a new password for Bugzilla I use an @ in the new password ... and so far do not see this bug when logging out and then back into Bugzilla.

The "@" in the password field wouldn't affect our heuristics to figure out the username or password, that's just a red herring.

Summary: Password incorrectly detected as username when password contains @ character → Password incorrectly detected as username on mycochlear.com
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.