Bug #15246: Autofill services like password managers able to override blocked username field for admin user - pfSense Plus - pfSense bugtracker

Actions

Copy link

Bug #15246

closed

Autofill services like password managers able to override blocked username field for admin user

Added by Kris Phillips 11 months ago. Updated 11 months ago.

Status:

Not a Bug

Priority:

Normal

Assignee:

Category:

Web Interface

Target version:

Start date:

Due date:

% Done:

Estimated time:

Release Notes:

Default

Affected Plus Version:

23.09.1

Affected Architecture:

Description

Browsers with extensions like LastPass, BitWarden, etc. that automatically fill relevant fields are able to replace the username field for the admin user, regardless of the fact that the field is greyed out. Adding protections for bad-acting and/or poorly written extensions to browsers that ignore this field state should be added to avoid accidental username re-writes.

History
Notes
Property changes

Actions

Copy link

Updated by Jim Pingle 11 months ago

Status changed from New to Not a Bug

We already include the tags to suppress them. Password manglers ignore them.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Plus

Custom queries

Bug #15246

Autofill services like password managers able to override blocked username field for admin user

Updated by Jim Pingle 11 months ago