-
Bug
-
Resolution: Duplicate
-
Minor
-
None
-
3.9.19, 3.11.12, 4.0.6, 4.1.1, 4.2
When using your browsers password vault, the form to add a group could unintentionally reveal your password to other users with trainer (and higher) permissions as the enrollment password is automatically filled with the users password.
Steps to reproduce:
- Save your credentials to the browsers password vault
- Create a course
- Go to "Participants" -> "Groups" -> "Create group"
- Confirm your password is auto-filled in the enrolment key field
If a user forgets to clean the input field the password is stored and visible for all other trainers.
Thanks to TRMSC for the hint (https://bildung.social/@trmsc/109931172874316310)!
- duplicates
-
MDL-76478 Browsers auto-completing the user's password into inappropriate password unmask form fields
- Closed