-
Bug
-
Resolution: Fixed
-
Major
-
2.9.4, 3.0.2, 3.1
-
MOODLE_29_STABLE, MOODLE_30_STABLE, MOODLE_31_STABLE
-
MOODLE_32_STABLE
-
MDL-53048-master -
Related to a bug I found in the External Tool (MDL-53046).
Scenario: I have LastPass installed and active. I go to Moodle and create an External Tool for my course, I enter in a URL and it auto-detcts that it matches a site level configured tool. Great! I then go and add the tool.
When I click on the tool I get an error saying that my LTI credentials are misconfigured. I check my External Tools settings and find out that LassPass entered in my Moodle account password for the LTI secret. I didn't realize this, because the key/secret is hidden under a "Show more". So, now the security concern is that my Moodle password is now saved in plaintext and I wouldn't know that unless I knew to debug the issue and click on "Show more" and remove it.
What I expect is to have Moodle forms to not have field elements that can confuse password managers like LastPass. I would recommend, in this case, for the External Tool password field to be renamed to from a generic password field to ltipassword.
The same for other Modules or form fields that are just called password.
- caused a regression
-
MDL-56715 Password unmask field can't be cleared on FF 49
- Closed
-
MDL-57021 The new 'password unmask' field should only be used when entering shared secrets
- Closed
-
MDL-57097 Coding error after pressing enter on grade field in assignment grading page
- Closed
-
MDL-56659 Problems with password unmask templates and plain password field in noscript mode
- Closed
-
MDL-57469 New password unmask element didn't handle auth/yui/passwordunmask/passwordunmask.js
- Closed
-
MDL-59228 Password required field asterisk missing from signup page for Clean and More themes
- Closed
- has a non-specific relationship to
-
MDL-52952 Chrome browser auto-fills non-credential password fields again
- Closed
-
MDL-63416 Chrome 69.0 autofills username/password to self registration
- Closed
-
MDL-76478 Browsers auto-completing the user's password into inappropriate password unmask form fields
- Closed
-
MDL-76574 Improve the UX of passwords in formslib
- Open
- has a QA test
-
MDLQA-9825 Password fields should not be auto-filled by password managers
- Open
-
MDLQA-15306 CLONE - Password fields should not be auto-filled by password managers
- Passed
-
MDLQA-15895 CLONE - Password fields should not be auto-filled by password managers
- Passed
-
MDLQA-16541 CLONE - Password fields should not be auto-filled by password managers
- Passed
-
MDLQA-17157 CLONE - Password fields should not be auto-filled by password managers
- Passed
-
MDLQA-17745 CLONE - Password fields should not be auto-filled by password managers
- Passed
-
MDLQA-18249 CLONE - Password fields should not be auto-filled by password managers
- Passed
-
MDLQA-18742 CLONE - Password fields should not be auto-filled by password managers
- Passed
-
MDLQA-19205 CLONE - Password fields should not be auto-filled by password managers
- Passed
- has been marked as being related by
-
MDL-45772 Some forms with passwords and usernames get populated by the browser, which is not desired
- Closed
-
MDL-51083 Some forms still autofill the user's password
- Closed
-
MDL-56272 Boost theme form elements do not differentiate freeze from hardFreeze
- Closed
-
MDL-56374 Password unmasked by default on user/editadvanced
- Closed
-
MDL-57128 New password unmask field does not appear disabled when it should
- Closed
- has to be done before
-
MDL-55709 Deprecate prevent_form_autofill_password
- Closed
- is blocked by
-
MDL-55713 Modify how behat selectors are loaded
- Closed
- is duplicated by
-
MDL-53573 Create a new password field type
- Closed
-
MDL-57258 Saved browser user name and password showing in Self enrollment text boxes
- Closed
-
MDL-58437 Checkbox for Quiz Password
- Closed
-
MDL-60258 Prevent Auto-fill Password in Quiz User Override
- Closed
- Testing discovered
-
MDL-56462 Assignment grading options form problems with boost
- Closed
- will help resolve
-
MDL-51688 Some forms with passwords get populated by the browser in Safari and Edge
- Closed
-
MDL-55709 Deprecate prevent_form_autofill_password
- Closed