Closed Bug 269726 Opened 20 years ago Closed 20 years ago

Password manager remembers username/password on normally restricted secure sites such as banking site.

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: pchase, Assigned: bryner)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

My banking site (http://www.bankone.com/) and a medical prescriptions site
(http://www.medcohealth.com/medco/consumer/home.jsp) would always refuse to
allow my old browser to remember my user name and password for security,
regardless of whether I gave permission or not. I note that Firefox fills both
in on the banking site, and fills in the password on the medical site after I
provide the user name. I have notified the banking site this security flaw.

Reproducible: Always
Steps to Reproduce:
1Go to Bank One login page.
2.
3.

Actual Results:  
User name and password are filled in.

Expected Results:  
Leave user name and password field blank on a restricted secure web sites even
if user clicked "Yes" to save the information.
-> invalid

This is no security flaw. The bank can decide that the password should not be
saved if they use autocomplete="off" for their forms.

Both URLS don't use autocomplete="off".
It must be a bug in your old browsers if they don't remember those passwords.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.