Closed
Bug 269726
Opened 20 years ago
Closed 20 years ago
Password manager remembers username/password on normally restricted secure sites such as banking site.
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: pchase, Assigned: bryner)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
My banking site (http://www.bankone.com/) and a medical prescriptions site
(http://www.medcohealth.com/medco/consumer/home.jsp) would always refuse to
allow my old browser to remember my user name and password for security,
regardless of whether I gave permission or not. I note that Firefox fills both
in on the banking site, and fills in the password on the medical site after I
provide the user name. I have notified the banking site this security flaw.
Reproducible: Always
Steps to Reproduce:
1Go to Bank One login page.
2.
3.
Actual Results:
User name and password are filled in.
Expected Results:
Leave user name and password field blank on a restricted secure web sites even
if user clicked "Yes" to save the information.
Comment 1•20 years ago
|
||
-> invalid
This is no security flaw. The bank can decide that the password should not be
saved if they use autocomplete="off" for their forms.
Both URLS don't use autocomplete="off".
It must be a bug in your old browsers if they don't remember those passwords.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•