Closed
Bug 166415
Opened 23 years ago
Closed 23 years ago
Edituser sometimes resets users password when not wanted
Categories
(SeaMonkey :: Passwords & Permissions, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 153986
People
(Reporter: bugreport, Assigned: justdave)
Details
Attachments
(2 files)
The password manager entry
It seems that the editusers form frequently is filled in by the mozilla password
manager (though it is difficult to understand under what conditions this
happens) and causes an unwanted change to a user's password.
Somehow, Bugzilla needs to keep this from happening or force the person running
editusers to indicate that they are changing a password on purpose.
|
Reporter | |
Comment 1•23 years ago
|
||
The password sent to the form seems to be the password for Bonsai administration
|
||
Comment 2•23 years ago
|
||
Is this build independent or do you see it with both old (f.e. Mozilla 1.0) and
new builds?
|
|
Reporter | |
Comment 3•23 years ago
|
||
This is seen on Build 2002053012, but I am having trouble making a controlled
experiment.
The "username" on the machine that keeps volunteering passwords is the same as
bonsai's "last time the tree was good" date. Both bonsai and bugzilla consider
the field name (form variable) for the password to be "password"
If I change the form variable name on Bugzilla's editusers.cgi to "newpassword",
then the problem goes away.
|
|
||
Comment 4•23 years ago
|
||
Can you post some URL's here.
Also, did you ever ask password manager to save a username/password pair for
this? Password manager shouldn't ever fill anything in if you hadn't previously
asked it to save something.
Can you go to the password-manager dialog and tell us what saved information you
see there.
|
|
Reporter | |
Comment 5•23 years ago
|
||
This got the password from a cookie with a date as the username
|
|
Reporter | |
Comment 6•23 years ago
|
||
|
|
Reporter | |
Comment 7•23 years ago
|
||
When this happens,
A password is stored when prompted from a Bonsai admin page at....
http://mycompany.com:8080/bonsai/admin......
and is stuffed into the form in attachment 978387 (without prompting) located at...
http://mycompany.com:8080/bugzilla/editusers....
I suspect that PWM may be falling back on a "universal" username of 01-01-1970
00:00:00 if its heuristics don't identify a username.
Also, I did hack bugzilla so that the field name of the password field is not
"password" and this does supress this problem.
Component: Administration → Password Manager
Product: Bugzilla → Browser
Version: 2.16 → other
|
|
||
Comment 8•23 years ago
|
||
If I'm understanding this correctly, the problem is that the heuristic used by
the password manager is being foiled in this case. No, 01-01-1970 is not a
universal username, but rather a value that you had entered in some other form
from the same host and the heuristic was thinking that it applied to this form.
*** This bug has been marked as a duplicate of 153986 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•21 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•