Chrome changes all passwords on a user on one domain
Reported by
jove.da...@thedigitalarc.com,
Mar 2 2018
|
|||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 Steps to reproduce the problem: 1.You got two websites "www.test.zone.domain.com" and "www.dev.zone.domain.com" on these you got a user with the same name but different passwords. 2. Go to www.test.zone.domain.com 3. Login using your username and password 4. Save login 5. Go to www.dev.zone.domain.com 6. Login using your username and password 7. You will be asked to update the password, click yes. 8. Go to www.test.zone.domain.com 9. Try using saved password 10. Failed as it's trying to use the password from the other site. What is the expected behavior? Be asked to save the password on site 2 or create a new one for that site when clicking "update" What went wrong? It overwrites the other site's password even tho the url is different Did this work before? N/A Chrome version: 64.0.3282.186 Channel: stable OS Version: 10.0 Flash Version:
,
Mar 5 2018
Thanks for filing the issue. @Reporter: Launched chrome reported version and tried to access the URL's provided in comment#0, but getting "404 Error-page not found". Please find the attached screenshot for the same. Please provide any alternate URL which helps in further triaging it. Thanks!
,
Mar 5 2018
Hi, you can use what ever website that has two parts on the front, those where just examples as the URL's I worked on was local websites. Tho still using a FQDN domain. So I do not have a URL for you to test on, I would do something like a local website to test.
,
Mar 5 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 6 2018
,
Mar 12 2018
At this point, it works as expected. We merge PSL-matched credentials. Reporter: could you please provide a real life example where PSL-matching isn't correct? If we have enough cases, we can reconsider it.
,
Mar 12 2018
I do not have a example you could use as I have only had this issue on our local sites, but a example could be: If you have service1.departement1.yourdomain.com, service1.qa.departement1.yourdomain.com and service1.test.departement1.yourdomain.com. Each have the same username but different passwords. So it would be nice if you could have different passwords depending on the sites. As in the examples they are all different sites, so makes no sense that they should be considered as the same. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by dtapu...@chromium.org
, Mar 5 2018