Closed
Bug 174362
Opened 22 years ago
Closed 22 years ago
Password Manger does not accept login and password for https site
Categories
(SeaMonkey :: Passwords & Permissions, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 153986
People
(Reporter: grudy, Assigned: morse)
References
()
Details
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2b) Gecko/20021013
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2b) Gecko/20021013
The Password Manager dialog window does not open to accept the login and
password on a secure page (https) and the information is not saved.
Reproducible: Always
Steps to Reproduce:
1.go to https://www.cibc.com
2.enter username and password
3.click enter or press return
Actual Results:
Password Manager dialog window did not open and the site was logged in.
Went to another site (http://) and Password Manager worked correctly.
Expected Results:
Open dialog window for Password Mangager to save login and password
browser!=bugzilla
Assignee: justdave → morse
Component: Bugzilla-General → Password Manager
Product: Bugzilla → Browser
QA Contact: matty → tpreston
Version: unspecified → other
|
||
Comment 2•22 years ago
|
||
This has absolutely nothing to do with Bugzilla
-> Browser (except timeless beat me to it)
And I doubt if this has anything to do with HTTPS, also, I use Password Manager
on HTTPS sites all the time (Mac OS X CFM 2002101009). I do have this problem
with Citibank's online banking though. I think it's their website at fault.
They construct the page in such a way that Mozilla can't tell it's a login page.
|
|
||
Comment 3•22 years ago
|
||
Here's the relevant chunk of source off of CIBC's site:
<td width="250" height="28"><font class="text">
<form name="temp" value="" onSubmit="document.SignOn.password.focus(); return
false;">
<input type="text" name="cardNumber" value="" size="13" maxlength="25"
class="form">
<br><nobr>CIBC bank or CIBC VISA card number
</form>
<form name="SignOn" value=""
action="https://www.cibc.com/solution/service/pers/pcb/scripts/SignOn.jsp"
method="post"
onSubmit="return(validateForm())">
<input type="hidden" name="onError" value="SignOn|Return to Sign On">
<input type="hidden" name="recvref" value="">
<input type="hidden" name="cardNumber" >
<input type="hidden" name="locale" value="en_CA" >
<input TYPE="hidden" NAME="BV_UseBVCookie" VALUE="Yes">
<input type="hidden" name="imp" value="0" >
<input type="password" name="password" value="" size="8" maxlength="12"
class="form">
<br> 6-12 character Online Banking password
</form>
<a href="javascript:if(validateForm()) document.SignOn.submit();">
<img tabindex="3" alt="Sign On" src="/english/images/sign_on.gif" width="65"
height="16" border="0"></a>
</font></td>
You'll note that the card number and the password are in two separate forms, and
neither one is the one you're actually submitting.... the "SignOn" form has
hidden fields for both that get set by the javascript before it submits.
|
|
||
Comment 4•22 years ago
|
||
and seeing as how this is an online banking site, I'm betting they
conscientiously did that on purpose to prevent password manager apps from being
able to see it. It's a security risk to let passwords with access to money be
saved. :-) (because then anyone with access to your computer could log into the
site without a password, effectively).
|
Assignee | |
Comment 5•22 years ago
|
||
Dave's analysis is correct about why password manager is not saving the login in
this case. But I doubt that they did it on purpose. They could have
acoomplished this much easier by using "autocomplete=off".
In any event, this goes into the general catagory of improving the
password-managers heuristic. That's covered by bug 153986
*** This bug has been marked as a duplicate of 153986 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
|
||
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•