Additional verification for password auto-filling when separate pages are used for username / password forms
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
People
(Reporter: aflorinescu, Unassigned)
Details
[Environment:]
Ubuntu 16.05, Windows 10, Mac 10.14
66.0.3 20190409155332
67.0b13 20190422163745
68.0a1 20190424215525
[Description:]
Nowadays, it seems that there are more and more logins that split the user and password on different pages.
For multiple users on the same target site, there would be a common occurrence that in order to input the 2nd login, they will rather edit the first username rather than entirely delete it. This is most common on the logins that require email.
[Steps:]
- Open google.com.
- Press connect.
- Input user / Next Input password -> use pass manager to save it.
- If you used valid credentials use add account from google interface;
4'. If the credentials submitted were fake, just refresh the login page. - Edit the autofilled username, replacing adi with adrian:
from adi@gmail.com into adrian@gmail.com - Press next to go to the password section.
[Actual Result:]
The password is auto-filled for the first saved user (the one pass manager has stored a u/p)
[Expected Result:]
In the case of different pages for username and password, I think we should have an additional check that verifies the username and populate the correct password or none at all for the input username.
In the login form in the same page, this doesn't really make sense, since we autofill username and password in the same time.
[Regression Range:]
This is not a regression.
|
||
Updated•6 years ago
|
Description
•