Closed Bug 236418 Opened 22 years ago Closed 22 years ago

After entering in log-in information, and signing into sites, browser automatically logs in when navigating to the pages later.

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: neonjohn, Assigned: security-bugs)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113 After logging into http://webmail.juno.com, and www.friendster.com/login.jsp, then later navigating away from the pages, and coming back to them, the browser seems to automatically log me in again, without requiring the log-in info. I disabled the password manager, and told it not to remember any passwords, and not to fill in any forms, and it continues to automatically log me into those particular sites. Reproducible: Always Steps to Reproduce: 1.go to http://webmail.juno.com, or www.friendster.com/login.jsp 2.enter log-in information (email address and password) 3.Either navigate away from either page, or close the broswer. 4.Again, go to http://webmail.juno.com, or www.friendster.com/login.jsp 5.The browser should automatically go to the inbox, or personal home page at the particular sites, completely bypassing the required log-in information. Actual Results: "see above" Expected Results: The software should have brought me to the form where I have to enter the log-in information (email, and password).
there's nothing security sensitive about this. when you say "it continues to automatically log me into those particular sites", do you mean that it prefills your username and password (that's all form manager/password manager do, they don't click login for you). are they storing cookies?
Group: security
this IS being caused by cookies - suggesting that this bug be marked INVALID, it is the intended behaviour of cookies to allow automatic logins such as this. as a side note you will notice that friendster gives you the option to not "remember my email address".
not a bug.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.