Hi All,
Alpha 12.4.6.0.1, Build 5887 on WAS
Chrome Version 75.0.3770.100 (Official Build)
- Alpha login page built using UX Integrated Login
- Chrome: Settings | Autofill | Passwords | Offer to save passwords = true
- login and, when propted by Chrome, click the "Save" button to save the password
- logout and close the tab
- open a new tab and browse to the login page. Password is visible as cleartext
- btw, if you right- or left-click the password text box the cleartext will switch to the obfuscation "dots"
Has anyone else seen this problem?
Workaround
- delete the saved password (if any)
- browse to the login page and login, but this time choose "Never" to add this site to Chrome's Settings | Autofill | Passwords | "Never Saved" list
I noticed that when my password is visible as cleartext, if I right-click and choose "Inspect Element", that the input tag has an attribute "a5lastpersistvalue=<my cleartext password>"
- there are several attributes that begin with "a5" which I assume are being generated by Alpha
- why is Alpha sending my password as cleartext to the browser?
(I know... having browsers save passwords is not a recommended practice. But it's there, user's will use it)
Thanks,
Nate
2019-07-18_9-09-20.png
2019-07-18_9-10-49.png
Alpha 12.4.6.0.1, Build 5887 on WAS
Chrome Version 75.0.3770.100 (Official Build)
- Alpha login page built using UX Integrated Login
- Chrome: Settings | Autofill | Passwords | Offer to save passwords = true
- login and, when propted by Chrome, click the "Save" button to save the password
- logout and close the tab
- open a new tab and browse to the login page. Password is visible as cleartext
- btw, if you right- or left-click the password text box the cleartext will switch to the obfuscation "dots"
Has anyone else seen this problem?
Workaround
- delete the saved password (if any)
- browse to the login page and login, but this time choose "Never" to add this site to Chrome's Settings | Autofill | Passwords | "Never Saved" list
I noticed that when my password is visible as cleartext, if I right-click and choose "Inspect Element", that the input tag has an attribute "a5lastpersistvalue=<my cleartext password>"
- there are several attributes that begin with "a5" which I assume are being generated by Alpha
- why is Alpha sending my password as cleartext to the browser?
(I know... having browsers save passwords is not a recommended practice. But it's there, user's will use it)
Thanks,
Nate
2019-07-18_9-09-20.png
2019-07-18_9-10-49.png