source link: https://bugzilla.mozilla.org/show_bug.cgi?id=1736418
Closed Bug 1736418 Opened 1 month ago Closed 1 month ago

Password generator suggests a paypal.com password that includes forbidden character `,`

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P2)

Tracking

(bug RESOLVED as FIXED)

95 Branch

Tracking Status firefox95 --- fixed

People

(Reporter: cpeterson, Assigned: tgiles)

Details

https://www.paypal.com/myaccount/security/

Twice now, Firefox's password generator has suggested a paypal.com password that included the character `,` which paypal.com forbids in its passwords. Here is one of the forbidden passwords suggested: `kX9Y8uWs^#8,zKf`. (NOTE: that is NOT my password. I generated this example password and then deleted it.)

Firefox's password-rules.json says paypal.com `required: digit, [!@#$%^&*()]`, which looks correct, but doesn't mention that `,` is forbidden.

https://searchfox.org/mozilla-central/rev/5122357c497684e01c5bb2d4a9bf8be1fe97a413/services/settings/dumps/main/password-rules.json#874-875

Attached is the Browser Console's "Login" messages logged with signon.debug enabled.

I have only tested this bug in Nightly 95.

Based on

> If you specify the required property and do not specify the allowed property then the allowed property is inferred to be the value of the required property.

from https://github.com/whatwg/html/issues/3518#requiring-that-a-password-contain-certain-characters

only `!@#$%^&*()` are allowed, `,` is not allowed.

Got a patch to fix this, just need to write some tests. The issue was on the password generator side of things: we were adding in commas where we shouldn't have, and that was being included in the list of characters used to generate the password.

Assignee: nobody → tgiles
Status: NEW → ASSIGNED
Severity: -- → S3
Priority: -- → P2
Pushed by [email protected]:
https://hg.mozilla.org/integration/autoland/rev/76f4e5abcdd5
Fix string concatenation that was causing extra characters to appear during improved password generation. r=sgalich
Status: ASSIGNED → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
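
One way a string-concatenation bug of the kind described in this bug can put `,` into a generator's character pool, together with a regression check against the site's rule. This is an added example, not Firefox's code or the landed patch; the function names, the array-coercion cause, and the `lower, upper` clause in the rule are assumptions.

```javascript
// Added illustration; not Firefox's password generator code. All names are hypothetical.
const CLASSES = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digit: "0123456789",
};

// Constructed rule. The second clause is the one quoted in the report; the first
// is an assumption added so that letters are permitted.
const RULE = "required: lower, upper; required: digit, [!@#$%^&*()];";

// Collect the character sets named in every `required:` clause. With no
// `allowed:` clause, these are also the only characters allowed.
function requiredSets(rule) {
  const sets = [];
  for (const clause of rule.split(";")) {
    const m = clause.match(/^\s*required:\s*(.+)$/);
    if (!m) continue;
    // Tokens are class names or a custom [...] class, which may itself contain commas.
    for (const tok of m[1].match(/\[[^\]]*\]|[a-z-]+/g)) {
      if (tok.startsWith("[")) sets.push(tok.slice(1, -1));
      else if (tok in CLASSES) sets.push(CLASSES[tok]);
      else throw new Error(`unsupported class: ${tok}`);
    }
  }
  return sets;
}

// Flawed: concatenating an array onto a string coerces it with
// Array.prototype.toString, which joins the elements with ",".
function poolBuggy(rule) {
  return "" + requiredSets(rule);
}

// Corrected: join with an empty separator so only rule characters enter the pool.
function poolFixed(rule) {
  return requiredSets(rule).join("");
}

// Regression check: distinct characters in `text` that the rule does not allow.
function disallowed(text, rule) {
  const allowed = new Set(requiredSets(rule).join(""));
  return [...new Set(text)].filter((ch) => !allowed.has(ch));
}

console.log(disallowed(poolBuggy(RULE), RULE)); // [ ',' ]
console.log(disallowed(poolFixed(RULE), RULE)); // []
console.log(disallowed("kX9Y8uWs^#8,zKf", RULE)); // [ ',' ]
```

Running `disallowed` over the generator's character pool, rather than over sampled passwords, catches a stray separator deterministically instead of depending on the random draw.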