mahara-contributors team mailing list archive

Thread
Date

[Bug 543766] Re: password gets revealed due to JavaScript focusing on username field

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Evan Goldenberg <evangoldenberg@xxxxxxxxx>
Date: Mon, 22 Mar 2010 22:01:36 -0000
Reply-to: Bug 543766 <543766@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Since Mahara 1.2, the login form is no longer focussed automatically, so
this shouldn't be an issue.

** Changed in: mahara
       Status: New => Invalid

** Changed in: mahara
     Assignee: (unassigned) => Evan Goldenberg (naveg)

** Changed in: mahara
       Status: Invalid => Won't Fix

** Changed in: mahara
       Status: Won't Fix => Invalid

-- 
password gets revealed due to JavaScript focusing on username field
https://bugs.launchpad.net/bugs/543766
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: Invalid

Bug description:
»On its login page, Mahara uses JavaScript to set focus on the user name text field so the user can sign in to the account with least effort possible.

However, due to the incompleteness and the placement of the JavaScript, there is a possibility that the user’s password may get revealed (in the user name text field of the login form) if the user attempts to enter their account details before the login page completely loads.«

(text copied from http://www.conetrees.com/2009/12/blog/usability-spotter-6-the-twitter-login-page-password-revelation-issue where I got the idea to report this bug.)

The bug occured in a usability test about half a year ago. It may already be fixed but I suppose reporting erroneously is better than not at all. :)

References

[Bug 543766] [NEW] password gets revealed due to JavaScript focusing on username field
From: Jan-Christoph Borchardt, 2010-03-21