mindbodyonline.com tries to change password to some base64 blob after login
Categories
(Toolkit :: Password Manager: Site Compatibility, defect, P3)
Tracking
()
People
(Reporter: cpeterson, Unassigned)
References
(Depends on 1 open bug, )
Details
Attachments
(1 file)
58.77 KB,
text/plain
|
Details |
Steps to reproduce
- Load http://clients.mindbodyonline.com/ws.asp?studioid=20638&stype=-99
- Log in using Email and Password.
- The login will succeed and Firefox will ask if you'd like to save your password, so save it now.
- You will now be on mindbody's "MY INFO" page.
- Click to another section on the page such as "YOGA & MAT CLASSES" or "ONLINE STORE".
Expected result
The page should switch to the other section.
Actual result
The page does switch to the other section, but Firefox shows a door hanger asking me if I'd like to change my password to some string that looks base64 encoded (something like "xxxxxxxxxxxxxxx/xxxxxx=="). Firefox shows this door hanger every time I switch from the "MY INFO" section to another section.
I've attached the Browser Console log (as per the Password Manager/Debugging wiki's instructions. The log includes all the steps from my STR above: a successful login and then a switch away from the "MY INFO" section.
This door hanger seems like new problem because I use this website every week and first noticed this problem today. I tried bisecting for a Firefox regression using mozregression, but I could reproduce the door hanger at least as far back as Firefox 68 (July 2019). So I suspect this is a website content change, though I don't see any obvious visual differences compared to the website last week.
Comment 1•4 years ago
|
||
We are actively working on providing the correct password in a dropdown as a mitigation (parity-Chrome) and will also figure out how to prefer the non-hashed version in some cases.
Updated•4 years ago
|
Comment 2•4 years ago
•
|
||
I guess this is slightly different than bug 1600397 since this prompt happens on every navigation rather than only at login time.
Description
•