Closed Bug 1604183 Opened 5 years ago Closed 5 years ago

login/password proposal shown based on toplevel domain instead of subdomain

Categories

(Toolkit :: Password Manager, defect)

71 Branch
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1601558

People

(Reporter: oz42, Unassigned)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.3991.0 Safari/537.36

Steps to reproduce:

When logging in into host-1.site-1.com, I get a suggestion from password manager for many other saved logins inside the site-1.com domain. The password manager does not have a password for host-1.site-1.com

Actual results:

Everyone peeking over my shoulder can see: ah, look at all these logins inside site-1.com that Olaf knows. All my logins inside site-1.com are revealed.

Expected results:

If there are two ore more saved passwords: Password manager should present the matching logins for host-1.site-1.com only

If there is only one saved login: Password manager shoult quitely fill in login and password

If there is no saved login: Password manager should stay quiet

Attached image screenshot
Attachment #9116136 - Attachment mime type: application/octet-stream → image/png

Not an exploitable bug that needs to stay hidden.

Group: firefox-core-security
Component: Untriaged → Password Manager
Keywords: dupeme
Product: Firefox → Toolkit
Summary: login/password proposal shown for many sites → login/password proposal shown based on toplevel domain instead of subdomain

(In reply to Olaf from comment #0)

Everyone peeking over my shoulder can see: ah, look at all these logins inside site-1.com that Olaf knows. All my logins inside site-1.com are revealed.

If there are two ore more saved passwords: Password manager should present the matching logins for host-1.site-1.com only

If there is only one saved login: Password manager shoult quitely fill in login and password

If there is no saved login: Password manager should stay quiet

See the User Story field of bug 589628 for cases where the user would want a suggestion from a different subdomain. Since we can't know for sure when a user doesn't want to use a login from a different username we give the user a choice which they can ignore. Unfortunately I don't have a good suggestion to address the privacy concern without breaking subdomain suggestions altogether for the average user. If you have any other ideas, I'm open to hearing them. I will dupe this to a similar bug for now.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE

For the average user, the least complicated method would be:

  • if FF knows login and password, enter it automatically
  • if FF does not know login and password, do nothing
  • if FF knows a login from the same domain: ask the user ONCE if it should select that one

Every other behaviour is confusing and frustrating. Currently, the FF password manager is broken too much to use it in a production environment.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: