Open
Bug 286857
Opened 16 years ago
Updated 1 year ago
Wrong password field autofilled at https://finanzonline.bmf.gv.at/ due to 2 type=password
Categories
(Toolkit :: Password Manager: Site Compatibility, defect, P3)
Tracking
()
NEW
People
(Reporter: 3.14, Unassigned)
References
()
Details
Attachments
(1 file)
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
Updated•15 years ago
|
Assignee: dveditz → nobody
| Reporter | ||
Comment 5•15 years ago
|
||
I was just about to file this bug, obviously I did a year ago. pi
| Reporter | ||
Comment 6•14 years ago
|
||
Problem still exists in: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2pre) Gecko/20070111 SeaMonkey/1.1 The problem is also true if you switch Javascript off. pi
For what it's worth, this does work using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.1) Gecko/2008070206 Firefox/3.0.1. It does only store one of the two password fields, though. Is there a bug about saving multiple password values?
Comment 8•12 years ago
|
||
(In reply to comment #0) > I have set user_pref("wallet.crypto.autocompleteoverride", true); and Removing reference to this preference from bug summary, as the site does not use this attribute. (Fwiw, it would otherwise depend on bug 425145 now.) Ftr, page source is +/- like {{ <LABEL for="TID"><b>Teilnehmer-Identifikation:</b></LABEL> <FORM action='/fon/login?' name="LoginForm" method="post"> <INPUT size="20" type="text" maxlength="12" name="TID" class="inputArea" id="TID" value=""> <LABEL for="BENID"><b>Benutzer-Identifikation:</b></LABEL> <INPUT size="20" type="password" maxlength="12" name="BENID" id="BENID" value=""> <LABEL for="PIN"><b>PIN:</b></LABEL> <INPUT size="20" type="password" maxlength="12" name="PIN" id="PIN" value=""> }} (In reply to comment #7) > this does work using Mozilla/5.0 (Macintosh; U; Intel Mac > OS X 10.5; en-US; rv:1.9.0.1) Gecko/2008070206 Firefox/3.0.1. It does only > store one of the two password fields, though. Could you check Firefox 3.1b2 and a recent (after bug 433316 & co) SeaMonkey v2.0a3pre ?
QA Contact: privacy
Summary: Password not saved despite setting wallet.crypto.autocompleteoverride to true → Password(s) not saved at https://finanzonline.bmf.gv.at/
| Reporter | ||
Comment 9•12 years ago
|
||
With Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b3pre) Gecko/20090223 SeaMonkey/2.0a3 the problem changed. Something is saved, but even worse, wrong data! The first (Teilnehmer-Identifikation) is saved correctly, the second (Benutzer-Identifikation) is saved, but incorrectly namely with the content of the third field (PIN) which in turn is left blank. I could understand (still a bug) that the third field is not saved, but I cannot understand how wrong data is saved. That looks like bug 486829 (when converting the profile wrong data was saved) or bug 474846 comment 16. pi
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
Comment 12•11 years ago
|
||
If this still happens then, it's a toolkit bug, though.
Component: Passwords & Permissions → Password Manager
Product: SeaMonkey → Toolkit
QA Contact: privacy → password.manager
Comment 13•8 years ago
|
||
Sites with more than a user name and password field to remember is 222589.
Status: REOPENED → RESOLVED
Closed: 11 years ago → 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 222589
| Reporter | ||
Comment 14•8 years ago
|
||
Actually, as I reported, it does save something but fills something else. This is different from bug 222589.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 15•7 years ago
|
||
I can confirm that the password in the second password field is autofilled into the first password field after choosing the username from autocomplete.
Status: REOPENED → NEW
Hardware: x86 → All
Summary: Password(s) not saved at https://finanzonline.bmf.gv.at/ → Wrong password field autofilled at https://finanzonline.bmf.gv.at/
Updated•6 years ago
|
Summary: Wrong password field autofilled at https://finanzonline.bmf.gv.at/ → Wrong password field autofilled at https://finanzonline.bmf.gv.at/ due to 2 type=password
Comment 16•6 years ago
|
||
Hi Boris, we recently made improvements to password manager which can help with this bug but we will still only be able to save one "username" and one "password" and we will properly fill them back into the correct fields but I am not sure which field I should save as the "username" field: should it be "Teilnehmer-Identifikation" or "Benutzer-Identifikation"? Thanks
Flags: needinfo?(3.14)
| Reporter | ||
Comment 17•6 years ago
|
||
I would put the username in Teilnehmer and the password in PIN.
Flags: needinfo?(3.14)
Comment 18•6 years ago
|
||
Just to double-check: * What do the 3 fields represent? And which of the first two are associated with an individual? * Are all three field values chosen by the account holder or are some assigned? * Suppose a Firefox profile shared by a household has accounts for multiple members of the household on the same bank, could either of Teilnehmer or Benutzer be the same? Thanks, I'm not familiar with this system and want to make sure the interaction will make sense in various cases.
Flags: needinfo?(3.14)
| Reporter | ||
Comment 19•6 years ago
|
||
Honestly, this form is a bit stupid. The first two are both referring to the user. If I recall correctly, one is assigned, the second not sure, this is not something I would naturally choose. This is a government tax filing system.
Flags: needinfo?(3.14)
Comment 20•6 years ago
|
||
Yes, it's the government system for all kinds of tax-related business. "Teilnehmer" is a fixed string for the user which will never change. Both "Benutzer-ID" and and "PIN" (Password) can be changed by the user through some means, the latter easily, the former harder to do. For access to tax records/administration for a company, for example, the company account has a specific "Teilnehmer" ID but different people who can admin things there all can have different "Benutzer-ID"/"PIN" combinations.
Comment 21•6 years ago
|
||
Oh, and I think even normal people can create additional "Benutzer-ID"/"PIN" combinations with additional specific permissions so that other persons can do certain actions related to their taxes without full access to their account.
Updated•5 years ago
|
Component: Password Manager → Password Manager: Site Compatibility
Updated•1 year ago
|
Priority: -- → P3
You need to log in
before you can comment on or make changes to this bug.