Issue metadata
Sign in to add a comment
|
Password manager keeps autocompleting stored password
Reported by
jschr...@willshowvalue.com,
Jan 8 2018
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Steps to reproduce the problem: 1. Navigate to http://locustraxx.com/ 2. Click Oversight Login 3. When password manager has a stored password it populates this field 4. Hit backspace on password and wait 1/2 second. 5. Chrome repopulates password What is the expected behavior? User should be allowed to modify password and if the password was changed from a forgot/reset password then the user is unable to change the password unless they disable the autocomplete feature. What went wrong? The password will continue to repopulate with the stored value making changing the password impossible short of a very quick paste and click combination. Did this work before? Yes Not clear on version but roughly December 5, 2017 was when the first user reported something Chrome version: 63.0.3239.132 Channel: stable OS Version: 10.0 Flash Version: Currently using Version 63.0.3239.132 (Official Build) (64-bit)
,
Jan 9 2018
Something on the page triggers PasswordAutofillAgent::SendPasswordForms repeatedly while the user is editing the password field, resulting in the annoying autofill. Adding also dvadym@ who might know which kind of HTML events might cause this.
,
Jan 9 2018
So far adding the attribute autocomplete="new-password" is resolving the issue.
,
Feb 9 2018
But adding autocomplete="new-password" would turn off Chrome autofill. It looks similar to bug 771824, which was fully fixed in M-64. Could you please remove autocomplete="new-password" and to test in Chrome 64 (this is the current stable version)? You can check Chrome version by typing in address bar chrome://version. If the problem still persists, could you please attach Chrome Password Manager logs? For this could you please do the following steps? 1.Open chrome://password-manager-internals in one tab 2.Open the site in another tab and reproduce the problem 3.Return back to the first tab and copy/save the content (it's Password Manager logs, no private information) and attach it to the bug
,
Feb 21 2018
I had this same issue today on Godaddy, changing the password on my server. If my correct username is input, the password autofills on any keypress. For instance, I'd press d or x or even ctrl+v and it would autofill my password. If I changed the username, it stopped doing it, but if I then set the username back after the password/confirmation password were set, the autocomplete password was automatically restored, even if I only typed the username, rather than select it from a list. This is the screen I'm talking about (personal information edited out): The thing that worked for me, was adding auto-complete="new-password". Interestingly, I had to fidget with their css to properly show the screen and found that one of the parent div elements to this form is constantly refreshing its attributes. I can't modify it without pausing script execution. However, I can freely modify the contents of that div, as I did with adding autocomplete="new-password", so may or may not be related. Attached is a screenshot along with the div refreshing itself: <div class="sf-dialog modal-content sf-dialog-modal" style="display: block; z-index: 3; position: fixed; height: 430px; left: 608px; top: 27px; width: 680px;">
,
Feb 22 2018
abigailr...@ could you please attach chrome://password-manager-internals logs as described in comment 4?
,
Feb 26 2018
Captured password manager logs are listed below. Logs are cleared and no longer captured when all password-manager-internals pages are closed. Message: PasswordAutofillAgent::SendPasswordForms only_visible: true Security origin: https://img1.wsimg.com/ Message: Webpage is empty Message: PasswordAutofillAgent::SendPasswordForms only_visible: true Security origin: https://myservers.godaddy.com/ Number of all forms: 1 Form found on page: { Action : , Form name or ID : } Form is visible: false Some control elements not associated to a form element are visible: false Message: PasswordManager::CreatePendingLoginManagers SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Number of pending login managers (before): 0 Number of pending login managers (after): 0 Message: PasswordManager::OnPasswordFormsRendered Message: PasswordManager::CanProvisionalManagerSave Message: No provisional save manager Message: PasswordAutofillAgent::SendPasswordForms only_visible: false Security origin: https://lpcdn.lpsnmedia.net/ Message: Webpage is empty Message: PasswordAutofillAgent::SendPasswordForms only_visible: true Security origin: https://lpcdn.lpsnmedia.net/ Message: Webpage is empty SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Server predictions: { Signature of form: 13380264030153351352 Origin: https://myservers.godaddy.com/ Action: Form fields: username: 239111655, text newPw: 1588058803, password, SERVER_PREDICTION: ACCOUNT_CREATION_PASSWORD newPwConfirm: 2398040070, password, SERVER_PREDICTION: CONFIRMATION_PASSWORD } Message: PasswordAutofillAgent::SendPasswordForms only_visible: false Security origin: https://myservers.godaddy.com/ Number of all forms: 2 Form is a password form: { Action : https://myservers.godaddy.com/ , New password element : newPwConfirm , Origin : https://myservers.godaddy.com/ , PSL match : false, Password element : newPw , Password generated : false, Scheme : HTML , Signon realm : https://myservers.godaddy.com/ , Times used : 0, Username element : username } Message: PasswordManager::CreatePendingLoginManagers SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Number of pending login managers (before): 0 Adding manager for form: { Signature of form: 13380264030153351352 Signon realm: https://myservers.godaddy.com/ Origin: https://myservers.godaddy.com/ Action: https://myservers.godaddy.com/ Form name: Form fields: username: 239111655, text newPw: 1588058803, password newPwConfirm: 2398040070, password } Message: FormFetcherImpl::Fetch FormFetcherImpl::state_: 1 Number of pending login managers (after): 1 Message: FormFetcherImpl::OnGetPasswordStoreResults Number of results from the password store: 2 Message: PasswordFormManager::ProcessMatches SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordManager::Autofill wait_for_username: true The new state of the UI: 3 Message: Generation: no possible account creation forms Message: Generation: no possible account creation forms Message: PasswordAutofillAgent::OnFillPasswordForm ambiguous_or_empty_names: false Number of potential forms to fill: 1 form_data's wait_for_username: true form_contains_fillable_username_field: true username_field_name empty: false password_field_name empty: false SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordFormManager::ProcessMatches The new state of the UI: 6 Message: PasswordAutofillAgent::SendPasswordForms only_visible: false Security origin: https://myservers.godaddy.com/ Number of all forms: 2 Form is a password form: { Action : https://myservers.godaddy.com/ , New password element : , Origin : https://myservers.godaddy.com/ , PSL match : false, Password element : newPw , Password generated : false, Scheme : HTML , Signon realm : https://myservers.godaddy.com/ , Times used : 0, Username element : username } Message: PasswordManager::CreatePendingLoginManagers SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Number of pending login managers (before): 1 Adding manager for form: { Signature of form: 13380264030153351352 Signon realm: https://myservers.godaddy.com/ Origin: https://myservers.godaddy.com/ Action: https://myservers.godaddy.com/ Form name: Form fields: username: 239111655, text newPw: 1588058803, password newPwConfirm: 2398040070, password } Message: FormFetcherImpl::Fetch FormFetcherImpl::state_: 1 Number of pending login managers (after): 2 Message: FormFetcherImpl::OnGetPasswordStoreResults Number of results from the password store: 2 Message: PasswordFormManager::ProcessMatches SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordManager::Autofill wait_for_username: false Message: Generation: no possible account creation forms Message: PasswordAutofillAgent::OnFillPasswordForm ambiguous_or_empty_names: false Number of potential forms to fill: 1 form_data's wait_for_username: false form_contains_fillable_username_field: true username_field_name empty: false password_field_name empty: false Message: FillUserNameAndPassword in PasswordAutofillAgent Message: Username to fill matches that on the page Filled username element named: username SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordFormManager::ProcessMatches The new state of the UI: 3 Filled password element named: newPw Message: PasswordAutofillAgent::SendPasswordForms only_visible: false Security origin: https://myservers.godaddy.com/ Number of all forms: 2 Form is a password form: { Action : https://myservers.godaddy.com/ , New password element : , Origin : https://myservers.godaddy.com/ , PSL match : false, Password element : newPw , Password generated : false, Scheme : HTML , Signon realm : https://myservers.godaddy.com/ , Times used : 0, Username element : username } Message: PasswordManager::CreatePendingLoginManagers SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Number of pending login managers (before): 2 Adding manager for form: { Signature of form: 13380264030153351352 Signon realm: https://myservers.godaddy.com/ Origin: https://myservers.godaddy.com/ Action: https://myservers.godaddy.com/ Form name: Form fields: username: 239111655, text newPw: 1588058803, password newPwConfirm: 2398040070, password } Message: FormFetcherImpl::Fetch FormFetcherImpl::state_: 1 Number of pending login managers (after): 3 Message: FormFetcherImpl::OnGetPasswordStoreResults Number of results from the password store: 2 Message: PasswordFormManager::ProcessMatches SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordManager::Autofill wait_for_username: false The new state of the UI: 3 Message: Generation: no possible account creation forms Message: PasswordAutofillAgent::OnFillPasswordForm ambiguous_or_empty_names: false Number of potential forms to fill: 1 form_data's wait_for_username: false form_contains_fillable_username_field: true username_field_name empty: false password_field_name empty: false Message: FillUserNameAndPassword in PasswordAutofillAgent Message: Username to fill matches that on the page Filled username element named: username SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordFormManager::ProcessMatches Filled password element named: newPw
,
May 18 2018
Three months later and this is still happening. I've also notified GoDaddy but the frontline of support don't even understand the words I'm saying, so doubtful it gets relayed to anyone who even knows what HTML means.
,
May 22 2018
It's hard to fix this bug now not to break other sites. We're working on refactoring (issue 831123) that would allow us to fix it.
,
Nov 29
vabr going hobby only -> reducing involvement. Please contact me directly in urgent matters. |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by alex...@chromium.org
, Jan 8 2018Components: -UI UI>Browser>Passwords