User Name Field Reveals Password!

Hello Website Admin,

I was shocked to day when I visited this site at work on OSX Safari 10.6.8.

I typed in my user Name and pressed TAB as usual to move to the next field. Instead of moving to the next field, my cached password was concatenated with my user name, the entire string selected, and displayed in the User Name field.

This seems like a gapping security flaw and may be the result of recent changes that you might have made to the login script.

Just reporting it, but it effectively makes this site unsafe in a public or shared situation.

I don’t have a Mac to test this on, but I haven’t experienced this on either Firefox or Chromium.

Any other Safari users come across this?

I just tested Firefox and Chrome, on the same machine, and they seem to be fine.

Perhaps it is just a 10.6.8 Safari bug…?

Looks like it might be a Safari bug. A fix was issued in an upgrade at the end of last year. Probably should update your browser.

Edit: Ooh… just realized that this fix was only issued for OSX Lion and higher. Ouch. It would seem that Apple’s implicit recommendation would be to upgrade your OS or change browsers.

Yep, we are stuck on the 10.6.8 at work because upgrading would require a lot of already licensed software upgrades.