Auto-populate false-positive

[breyed]

On the home page for amazon.com, PasswordMaker 0.8.2 is autopopulating the password into the search keyword field.  The result is that the generated password is displayed in plain text in the browser page (and submitted unsecured if you would happen to click Go).

I can't see any explanation for the auto-population.  Here's the HTML for the field that is auto-populated:

Code:

<input type="text" name="field-keywords" size="15">

[Tyrantmizar]

I can't reproduce the auto-populate part, but the fact that it goes to the search field is not good...

[Eric H. Jung]

I'll take a closer look tonight. The algorithm for determining what's a password field (and what's not) completely changed in 0.8.2. I was quite hesitant to do this since the existing algorithm was mature and well-tested (close to a year's use and no complaints). But I saw how the BugMeNot extension was detecting password fields and it looked attractive.

I should have left it alone :(

Sorry for the inconvenience. I will change the algorithm back to the old one ASAP.

-Eric

[Eric H. Jung]

I reproduced the problem on Amazon.com. I've found the problem -- it is with the BugMeNot code. PasswordMaker's previous code works fine.

I'll release a fix tonight.

[breyed]

Verified fixed in 0.8.3.  I verified on amazon.com plus a non-public site that was exhibiting the same problem.

Thanks for the fix!  :)

[Eric H. Jung]

My pleasure. Thanks for using PasswordMaker.

-Eric