Author Topic: Auto-populate false-positive  (Read 9646 times)

Offline breyed

  • Jr. Member
  • **
  • Posts: 28
Auto-populate false-positive
« on: September 15, 2005, 08:11:22 PM »
On the home page for amazon.com, PasswordMaker 0.8.2 is autopopulating the password into the search keyword field.  The result is that the generated password is displayed in plain text in the browser page (and submitted unsecured if you would happen to click Go).

I can't see any explanation for the auto-population.  Here's the HTML for the field that is auto-populated:

Code: [Select]
<input type="text" name="field-keywords" size="15">

Offline Tyrantmizar

  • Sr. Member
  • ****
  • Posts: 307
Auto-populate false-positive
« Reply #1 on: September 15, 2005, 09:42:02 PM »
I can't reproduce the auto-populate part, but the fact that it goes to the search field is not good...
Tyrantmizar
- <a href="http://tyrantmizar.blogsome.com/">Check out my blog</a> (shameless plug :P)
- Lord of the Feature Requests / Enhancements Forum - BWAHAHAHAHA!!!!
- Lord of the other one, the [url=http://forums.passwordmaker.o

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Auto-populate false-positive
« Reply #2 on: September 15, 2005, 10:11:42 PM »
I'll take a closer look tonight. The algorithm for determining what's a password field (and what's not) completely changed in 0.8.2. I was quite hesitant to do this since the existing algorithm was mature and well-tested (close to a year's use and no complaints). But I saw how the BugMeNot extension was detecting password fields and it looked attractive.

I should have left it alone :(

Sorry for the inconvenience. I will change the algorithm back to the old one ASAP.

-Eric

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Auto-populate false-positive
« Reply #3 on: September 17, 2005, 12:58:49 AM »
I reproduced the problem on Amazon.com. I've found the problem -- it is with the BugMeNot code. PasswordMaker's previous code works fine.

I'll release a fix tonight.
« Last Edit: September 17, 2005, 12:58:57 AM by Eric H. Jung »

Offline breyed

  • Jr. Member
  • **
  • Posts: 28
Auto-populate false-positive
« Reply #4 on: September 17, 2005, 12:45:12 PM »
Verified fixed in 0.8.3.  I verified on amazon.com plus a non-public site that was exhibiting the same problem.

Thanks for the fix!  :)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Auto-populate false-positive
« Reply #5 on: September 17, 2005, 07:07:08 PM »
My pleasure. Thanks for using PasswordMaker.

-Eric

PasswordMaker Forums

Auto-populate false-positive
« Reply #5 on: September 17, 2005, 07:07:08 PM »