Closed Bug 1736418 Opened 2 months ago Closed 2 months ago

Password generator suggests a paypal.com password that includes forbidden character `,`

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P2)

RESOLVED FIXED
95 Branch
Tracking Status
firefox95 --- fixed

People

(Reporter: cpeterson, Assigned: tgiles)

Attachments

(2 files)

https://www.paypal.com/myaccount/security/

Twice now, Firefox's password generator has suggested a paypal.com password that included the character `,` which paypal.com forbids in its passwords. Here is one of the forbidden passwords suggested: `kX9Y8uWs^#8,zKf`. (NOTE: that is NOT my password. I generated this example password and then deleted it.)

Firefox's password-rules.json says paypal.com `required: digit, [!@#$%^&*()]`, which looks correct, but doesn't mention that `,` is forbidden.

https://searchfox.org/mozilla-central/rev/5122357c497684e01c5bb2d4a9bf8be1fe97a413/services/settings/dumps/main/password-rules.json#874-875

Attached is the Browser Console's "Login" messages logged with signon.debug enabled.

I have only tested this bug in Nightly 95.

Based on

If you specify the required property and do not specify the allowed property then the allowed property is inferred to be the value of the required property.

from https://github.com/whatwg/html/issues/3518#requiring-that-a-password-contain-certain-characters

only `!@#$%^&*()` are allowed, `,` is not allowed.

Got a patch to fix this, just need to write some tests. The issue was on the password generator side of things: we were adding in commas where we shouldn't have, and that was being included in the list of characters used to generate the password.

Assignee: nobody → tgiles
Status: NEW → ASSIGNED
Severity: -- → S3
Priority: -- → P2
Pushed by sgalich@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/76f4e5abcdd5
Fix string concatenation that was causing extra characters to appear during improved password generation. r=sgalich
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
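
The failure mode discussed in this bug, as an added JavaScript illustration that is not Firefox's code or the landed patch: the allowed alphabet is inferred from the `required` classes, and a generator that builds that alphabet by string concatenation of a list picks up `,` as a candidate character. The array-to-string mechanism is an assumption, and the rule string, function names and `buggy` flag are constructed for the example.

```javascript
// Added illustration, not Firefox's password generator. RULE is constructed;
// only its last "required" property is the one quoted in the report.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const RULE = "required: lower; required: upper; required: digit, [!@#$%^&*()];";
const CLASSES = { lower: "abcdefghijklmnopqrstuvwxyz",
                  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ", digit: "0123456789" };

// Simplified parser: assumes custom [...] classes contain no ";" or "]".
function parseRules(text) {
  const rules = { required: [], allowed: [] };
  for (const part of text.split(";")) {
    const m = part.match(/^\s*(required|allowed)\s*:\s*(.+?)\s*$/);
    if (!m) continue;
    const items = m[2].match(/\[[^\]]*\]|[a-z]+/g) || [];
    const chars = items.map((c) => (c[0] === "[" ? c.slice(1, -1) : CLASSES[c] ?? ""));
    if (m[1] === "required") rules.required.push(chars.join(""));
    else rules.allowed.push(...chars);
  }
  return rules;
}
// Allowed set = allowed + required; with no "allowed" property that is
// exactly the required classes (the inference quoted in the thread).
function alphabet(rules, buggy = false) {
  const classes = [...rules.allowed, ...rules.required];
  // buggy: "" + array stringifies with "," separators, so "," joins the alphabet
  const joined = buggy ? "" + classes : classes.join("");
  return [...new Set(joined)].join("");
}
// Uniform integer in [0, n) via rejection sampling on a CSPRNG.
function randomInt(n) {
  const buf = new Uint32Array(1);
  const limit = Math.floor(0x100000000 / n) * n;
  do webcrypto.getRandomValues(buf); while (buf[0] >= limit);
  return buf[0] % n;
}
// One character per required group, fill from the alphabet, then shuffle.
function generate(rules, length, buggy = false) {
  const all = alphabet(rules, buggy);
  const out = rules.required.map((g) => g[randomInt(g.length)]);
  while (out.length < length) out.push(all[randomInt(all.length)]);
  for (let i = out.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join("");
}
// Site-side view: which characters fall outside the allowed set?
function forbiddenChars(password, rules) {
  const all = alphabet(rules);
  return [...new Set(password)].filter((ch) => !all.includes(ch));
}
```

A regression test for this class of defect can generate many passwords per rule and assert that `forbiddenChars` stays empty for each.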