Closed Bug 299931 Opened 19 years ago Closed 19 years ago

Password Manager can be tricked to never fill in password

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: jhouse, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

For particular sites, password manager is (effectively) unable to remember
passwords.  I've found that while the launch bar always displays the same URL,
password manager displays a textual description with some kind of random string
(I think the sites generate it based on the date and time).  It appears that the
passwords in password manager are stored/looked-up based off this constantly
varying string.

Reproducible: Always

Steps to Reproduce:
1. Go to https://www.us.army.mil/suite/login/login.jsp
2. Type in user name and password and tell password manager to remember them
3. Log out
4. Immediate repetition works, but later attempts fail (I don't know the exact
cause of this)

Actual Results:  
Blank password manager box

Expected Results:  
Password manager should have filled in the username/password that was used the
last time.
This is a security feature deliberately implemented by websites to better
protect user accounts from being compromised via saved passwords.

<- INVALID
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.