App ID / App Key fields get pre-filled with WP admin / PW

  • Hey @dfactory,

    as you will know in the top area of your new plugin version settings screen you can log in into your new functions by entering an “App ID” and an “App Key”.

    The problem is that these two fields automatically get pre-filled with WordPress’ admin user name and password (!) if one has set his browser to remember these.

    If you then for instance change some values in the settings below and click on save on the very bottom of your settings page, both of these values get stored into these fields / the database. But of course: No one wants his admin password stored in these fields.

    So would you please change these fields in a way that they won’t get pre-filled by browsers with this sensitive data anymore?

    This happens at least in current Firefox and Chrome and really shouldn’t be this automatically.

    Greetings,
    -doffine

Viewing 5 replies - 1 through 5 (of 5 total)

  • I have exactly the same concerns

    Thread Starter doffine

    (@doffine)

    Hello @humanityco,

    would it be possible that you tell us something about the above described security problem? Now almost half a year went by without an answer.

    It is still a problem that because of these fields getting prefilled with the admin password it could be stored in (or even sent to) places we don’t want them to be.

    It would be quite wise if you would rename these fields or do something about it so that (at least) Firefox and Chrome don’t prefill these fields by mistake anymore.

    It should be one of the primary tasks to do the very best for security. Will you do something about this?

    Thank you very much for your work,
    -doffine

    Plugin Author Humanityco

    (@humanityco)

    Hi @doffine

    We reviewed this suggestion and intend to make the proper changes so that this issue no longer happens. The fix was planned to be implemented in a previous update but due to the large volume of changes made across the application, we were unable to properly test and thus delayed its implementation. Thanks for your patience.

    Aarthi Athi

    (@aarthiathigmailcom)

    Hi Support,

    Any update for this issue.

    Thanks,
    Aarthi

    • This reply was modified 3 years, 3 months ago by Aarthi Athi.

    Any news on this?

    Keeps happening and defies security … in our view

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘App ID / App Key fields get pre-filled with WP admin / PW’ is closed to new replies.