Closed Bug 997685 Opened 10 years ago Closed 10 years ago

Password manager wrongly saves empty user names with passwords and wrongly populates these saved passwords

Categories

(Toolkit :: Password Manager, defect)

28 Branch
x86_64
All
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: m.kurz, Unassigned)

Details

(Keywords: testcase)

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36

Steps to reproduce:

Use this self-explaining jsfiddle to reproduce: http://jsfiddle.net/tpA2h/show/


Actual results:

Wrong: A password with EMPTY username gets saved.
Wrong: This password is populated for ALL password fields on the same domain.


Expected results:

First: An [EMPTY user name]/[password] combination should NEVER be saved in the password manager.
There should always be a combination of a textfield BEFORE a password field (which both should have a non-empty name attribute) to allow saving a username/password.

Second: The password manager should never populate a password field if there is no textfield in FRONT of it to choose a username from.

Why? See the jsfiddle for explanation.


Google Chrome, for example, always has a username in the password manager; it never saves an empty user name! And there always has to be a textfield BEFORE a password field, which both have a non-empty name attribute, to be able to save a username/password.
Also, there always has to be a textfield BEFORE a password field to choose/pre-populate a username/password combination.
OS: Linux → All
Similar (but not duplicate): Bug 585591
Component: General → Password Manager
Keywords: testcase
Product: Firefox → Toolkit
Firefox's password manager is explicitly designed to support this. Not every login has a username (mailman being the unfortunate canonical example), and sometimes pages will have a password field without a username field, if the site has remembered you previously (e.g., via cookie). Google's old login pages did this when they wanted you to re-authenticate.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
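
The two capture rules argued over in this bug, as an added sketch that is not Firefox or Chrome code and not part of the original report. The field objects, function names and sample forms are constructed for illustration; the set of "text-like" input types is an assumption.

```javascript
// Added illustration; this is not Firefox or Chrome source code.
// A form is modelled as an ordered array of {type, name, value} objects.
const TEXT_TYPES = new Set(["text", "email"]);

// Locate the first password field and the nearest text-like field before it.
function findLoginFields(fields) {
  const pwIndex = fields.findIndex((f) => f.type === "password");
  if (pwIndex === -1) return null;
  let username = null;
  for (let i = pwIndex - 1; i >= 0 && username === null; i--) {
    if (TEXT_TYPES.has(fields[i].type)) username = fields[i];
  }
  return { username, password: fields[pwIndex] };
}

// Behaviour described in the reply: a username is optional, so a lone
// password field is stored with an empty username.
function captureUsernameOptional(fields) {
  const found = findLoginFields(fields);
  if (!found || !found.password.value) return null;
  const username = found.username ? found.username.value : "";
  return { username, password: found.password.value };
}

// Rule requested in the report: a named text field must precede a named
// password field, and the username must not be empty.
function captureUsernameRequired(fields) {
  const found = findLoginFields(fields);
  if (!found || !found.username) return null;
  if (!found.username.name || !found.password.name) return null;
  if (!found.username.value || !found.password.value) return null;
  return { username: found.username.value, password: found.password.value };
}

// Constructed sample forms.
const classicLogin = [
  { type: "text", name: "user", value: "alice" },
  { type: "password", name: "pass", value: "example-pw-1" },
];
const passwordOnly = [ // e.g. a list-admin or re-authentication page
  { type: "password", name: "adminpw", value: "example-pw-2" },
];

for (const [label, form] of [["classic", classicLogin], ["password-only", passwordOnly]]) {
  console.log(label, captureUsernameOptional(form), captureUsernameRequired(form));
}
```

The password-only form is the case the thread turns on: the username-optional rule stores it under an empty username, while the username-required rule stores nothing for it.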