• Resolved swhayes

    (@swhayes)


    I’m using the Log In add-on on a Learndash site, and when I try the shortcode out I get this rather alarming notice:

    LASTPASS SECURITY WARNING

    Do you allow your credentials for fencingacademy.net to be sent to uncannyowl.com?

    I’ve been using Lastpass for years and have never seen this warning before, and it’s unnerving. Why does the add-on send my login credentials to uncannyowl? How do I prevent this from happening?

    Thanks!

    • This topic was modified 4 years, 6 months ago by swhayes.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Hi @swhayes, we use LastPass ourselves internally and haven’t seen that on a site. The free plugin passes no data to our site at all.

    Do you use any of our paid products too? The free Toolkit (and specifically the Front End Login module) has no references in the code to our site (except links if you click logo images). Our paid plugins also only send us data if you submit a ticket using the support system in the plugin.

    I checked the domain referenced in your email too and it’s not using our login form so I can’t easily check it. Is this a clean site, so never cloned from something we created, or can you tell us more about the context? We’ve had no similar mentions of this either.

    If you are a paid plugin customer it would really help if you could give us the exact URL via support ticket so we could take a look ourselves.

    Thread Starter swhayes

    (@swhayes)

    Thanks for the quick reply. I’m only a free user at the moment.

    I’ve tried several times to reproduce the message (I wish I had screencapped it) without any luck. It’s on my development site, at [subdomain].fencingacademy.net. The context is that I had just enabled the login add-on, put the shortcode on the page (from https://www.uncannyowl.com/knowledge-base/front-end-login/), and hit “view.” That’s when the message popped up.

    I wonder if this is a PastPass issue rather than an Uncanny Owl issue. I’m going to proceed and will let you know here if I find anything else out. Thanks again for the prompt response.

    Thread Starter swhayes

    (@swhayes)

    Going to close this. I was favorably impressed with your prompt response. I’ve paid actual money for worse support! Will consider the Pro version as I move to the next steps.

    Plugin Author Uncanny Owl

    (@uncannyowl)

    Hi @swhayes, I know you closed this and aren’t a Pro user, but if you see this happen again please do submit a contact form on our site and perhaps include student access so we can try signing in to see if we can reproduce it.

    Thread Starter swhayes

    (@swhayes)

    Just sent you a link. Thanks again!

    Thread Starter swhayes

    (@swhayes)

    I wanted to let you know I found the problem: it was my error. I had some insecure (http) content still on the site, including the custom login page, and that caused the warnings. Again, thanks for the fast responses.

    Plugin Author Uncanny Owl

    (@uncannyowl)

    Thanks @swhayes, I had the ticket assigned to our team but our developers but they’re not back in the office until Tuesday (holiday here tomorrow). The mixed content error had to be fixed, for sure, but the reference to our site is still very strange. Anyway, thanks for reporting it (and the update).

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Lastpass Security Warning for Log in Module?’ is closed to new replies.