Closed
Bug 475943
Opened 17 years ago
Closed 17 years ago
'Saved passwords' autofills wrong password when multiple accounts exist with similar usernames
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: bugzilla, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2
This problem is exhibited when using Firefox to fill a login prompt with a saved password. If multiple username/passwords combinations have been saved that are identical except for case differences in the username, it is possible for the wrong password to be autofilled.
Reproducible: Always
Steps to Reproduce:
1. Go to an site with a long prompt that has case-sensitive usernames.
2. Sign in first using one username and password. The username used should have both upper- and lower-case characters. Submit the form and acknowledge that Firefox should save the password.
3. Sign in second time using another username and password, the username should be the same as used in step #2, except it should be all lower-case. Use a different password. Submit the form and acknowledge that Firefox should save the password.
4. Return to the login prompt and type the all lower-case username from step #3. Press the tab key to move the cursor to the password field, trigger Firefox to fill the password.
5. Note that the lower-case username has been replaced with the multi-case username from step #1, and the password that is auto-filled is the password used in step #1. The correct behavior would be for the password from step #2 to have been filled, since that matches the username that was typed.
Actual Results:
The username entered was replaced with another stored username, identical except for the case. The password that is auto-filled is the one from the wrong username, not the username typed.
Expected Results:
The correct behavior would be for the password from step #2 to have been filled, since that matches the username that was typed.
The usernames and passwords were originally saved using a previous 3.0 version of Firefox, which handles the similar usernames when autofilling passwords without any problem. The issue was first noticed in beta 3.1b2.
Updated•17 years ago
|
Component: Location Bar and Autocomplete → Password Manager
Product: Firefox → Toolkit
QA Contact: location.bar → password.manager
Comment 1•17 years ago
|
||
I've confirmed this issue still exists in Firefox 3.1b3
Comment 2•17 years ago
|
||
This is probably partially a result of the fix for bug 447788.
We're kind of screwed no matter which way we do things, but I think the current behavior is better. Having multiple accounts (with different passwords) that differ only in case is already full of fail for a multitude of reasons, so I'm not really inclined to want to support that use-case.
Comment 3•16 years ago
|
||
See the discussion for 499649. WONTFIX is really an unacceptable resolution for this issue. Users clearly HAVE multiple accounts that differ in case, and this fix has made the password management system totally unusable for them. Bug 447788 was a very minor inconvenience with a simple workaround, while the 'fixed' version makes it totally impossible to use the password manager for many users on some sites.
Comment 4•15 years ago
|
||
I agree with Craig's comment #3.
Under SeaMonkey 1.1.18, I had two similar usernames (one lower case, the other proper; otherwise identical) for a particular site. This worked fine, and I was able to select whichever one I wanted.
Under:
Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9.1.11) Gecko/20100707 Lightning/1.0b2 Mnenhy/0.8.3 SeaMonkey/2.0.6
Even if I strike over the uppercase first letter, as soon as I tab to the next field (password), the username switches back to proper case, and the login fails. To work around, I had to actually delete one of the saved usernames.
Under normal circumstances, this isn't likely to happen. In my case, I didn't even realize when I set up the second account that I already had the first login, and simply used a "common" (to me) username. Previously, this was not an issue. Now, it is a major inconvenience.
Please re-open, and mark cross-platform (I am on OS/2 - eCS, actually).
You need to log in
before you can comment on or make changes to this bug.
Description
•