Page MenuHomePhabricator
Create Task
Maniphest T10931

Password repeated in HTML page if login unsucessful
Closed, ResolvedPublic
Actions

Description

Author: postmaster

Description:
Hello

When you try to log in to the Wikipedia web site, if you mistype the password or
the user name than the user name and password is written back.

Thought repeating the password field as well makes us one field less when we
don't type our user name correctly, I think it is a big security problem to put
it in the web page. Perhaps not replying would be the best.

To try:

Go to the Wikipedia login page
Mistype your user name or password (or both)
The page saying "login error" comes. Now right click on the page and say

"view source".

Look for the string "password", and you'll see the types password appears in

the web page.

Thank you

Version: unspecified
Severity: normal
URL: http://en.wikipedia.org/w/index.php?title=Special:Userlogin&returnto=Main_Page

Details

Reference
bz8931

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:30 PM
bzimport added a project: MediaWiki-User-login-and-signup.
bzimport set Reference to bz8931.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Feb 9 2007, 5:50 PM
bzimport added a comment.Mar 6 2007, 5:10 PM

felix.reimann wrote:

Values of password fields cleared

Attached:

diff_Userlogin.php982 BDownload

bzimport added a comment.Mar 6 2007, 7:28 PM

postmaster wrote:

Verified.

Thank you

bzimport added a comment.Mar 6 2007, 7:30 PM

robchur wrote:

Reopening bug; fix not committed to source control.

bzimport added a comment.Jun 3 2007, 1:57 AM

cannon.danielc wrote:

Committed as r22665.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL