log into site, then get Update Password? -danger-

Discussion of features in Seamonkey
Locked
User avatar
Myhrddin
Posts: 17
Joined: July 19th, 2016, 10:41 am
Contact:

log into site, then get Update Password? -danger-

Post by Myhrddin »

Well, it seemed like each time I went to the USPS site to track packages, right after logging in the password system would ask me if I wanted to update the saved password. Normally I just tell it no because I hadn't changed anything but, yesterday I thought.. maybe it'll stop asking if I just click update.
This was a huge mistake..

The password entry, which had been auto-hidden by the usps site with asterisks, took that to be a new password and when I told it to update, it overwrote what had been saved with asterisks. Today I encountered the fallout when trying to log in and got a "bad password format" message and bounced back to the resulting login/forgot etc .. Of course I thought it was a glitch and tried again.

Luckily I thought to use the Saved Password Editor plugin to check what was saved before I totally locked up my account access. That's when I found the password saved was just the cover asterisks.

I think the system should have some line of catch code to not allow that to happen and, here I am to bring it to notice.
The issue is easily repeatable if you have a usps.com login and log in. I'm guessing this will happen to anyone logging in there using SM.

Thanks.. Notice to everyone to be wary of Update Password appearing after a successful login anywhere.!! :shock:

~Myr
.end.trans.
Locked