login/password proposal shown based on toplevel domain instead of subdomain
Categories
(Toolkit :: Password Manager, defect)
People
(Reporter: oz42, Unassigned)
Details
Attachments (1 file): 21.20 KB, image/png
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.3991.0 Safari/537.36
Steps to reproduce:
When logging in to host-1.site-1.com, I get a suggestion from the password manager for many other saved logins inside the site-1.com domain. The password manager does not have a password for host-1.site-1.com.
Actual results:
Everyone peeking over my shoulder can see: ah, look at all these logins inside site-1.com that Olaf knows. All my logins inside site-1.com are revealed.
Expected results:
If there are two or more saved passwords: Password manager should present the matching logins for host-1.site-1.com only
If there is only one saved login: Password manager should quietly fill in login and password
If there is no saved login: Password manager should stay quiet
Updated • 5 years ago
Comment 2 • 5 years ago
Not an exploitable bug that needs to stay hidden.
Comment 3 • 5 years ago
(In reply to Olaf from comment #0)
Everyone peeking over my shoulder can see: ah, look at all these logins inside site-1.com that Olaf knows. All my logins inside site-1.com are revealed.
…
If there are two or more saved passwords: Password manager should present the matching logins for host-1.site-1.com only
If there is only one saved login: Password manager should quietly fill in login and password
If there is no saved login: Password manager should stay quiet
See the User Story field of bug 589628 for cases where the user would want a suggestion from a different subdomain. Since we can't know for sure when a user doesn't want to use a login from a different username we give the user a choice which they can ignore. Unfortunately I don't have a good suggestion to address the privacy concern without breaking subdomain suggestions altogether for the average user. If you have any other ideas, I'm open to hearing them. I will dupe this to a similar bug for now.
For the average user, the least complicated method would be:
- if FF knows login and password, enter it automatically
- if FF does not know login and password, do nothing
- if FF knows a login from the same domain: ask the user ONCE if it should select that one
Every other behaviour is confusing and frustrating. Currently, the FF password manager is broken too much to use it in a production environment.
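As an added illustration (not Firefox's own code and not from this bug), the following Python sketch contrasts the behaviour reported above, where every saved login under the same registrable domain is offered, with the reporter's proposed policy from the comments (exact-host match first, otherwise ask once, otherwise stay quiet). The public-suffix set and the saved logins are constructed for the example; real code would use the full Public Suffix List.

```python
from dataclasses import dataclass

# Constructed stand-in for the Public Suffix List (assumption for this example only).
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}


@dataclass(frozen=True)
class SavedLogin:
    host: str
    username: str


# Constructed sample store: nothing saved for host-1.site-1.com itself.
SAVED = [
    SavedLogin("host-2.site-1.com", "olaf"),
    SavedLogin("host-3.site-1.com", "olaf"),
    SavedLogin("mail.site-1.com", "admin"),
    SavedLogin("other.example.com", "olaf"),
]


def registrable_domain(host: str) -> str:
    """eTLD+1 of a host, e.g. host-1.site-1.com -> site-1.com."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{host} is itself a public suffix")
            return ".".join(labels[i - 1:])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels


def current_behaviour(host: str, saved: list) -> list:
    """Behaviour described in the report: offer every login under the same registrable domain."""
    base = registrable_domain(host)
    return [login for login in saved if registrable_domain(login.host) == base]


def proposed_behaviour(host: str, saved: list) -> tuple:
    """Reporter's proposal: (action, logins) with action in autofill/choose/ask_once/none."""
    exact = [login for login in saved if login.host.lower() == host.lower()]
    if len(exact) == 1:
        return ("autofill", exact)        # one exact match: fill quietly
    if exact:
        return ("choose", exact)          # several exact matches: list only those
    same_domain = current_behaviour(host, saved)
    if same_domain:
        return ("ask_once", same_domain)  # only sibling hosts known: ask the user once
    return ("none", [])                   # nothing known: stay quiet
```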