Bug #19519
Firefox prepopulates "Account username" of LDAP settings with normal user credentials
Description
Due to lazyness admin/changeme is saved as credentials for the Foreman in Firefox.
When editing LDAP authentication, Firefox prepopulates the Account username field with "admin" (if the field is empty, as it is when LDAP allows anonymous bind).
How reproducible:
always
Steps to Reproduce:
1. save login credentials in firefox
2. go to Administer → LDAP authentication
3. create a new LDAP or edit an existing one that has an empty account username
Actual results:
account username is set to the stored satellite user by Firefox
Expected results:
account username is empty
Additional info:
Marking the field in LDAP settings as autocomplete="off" might help, but I did not test it. (see https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion)
Related issues
Associated revisions
History
#1
Updated by Tomer Brisker almost 5 years ago
- Has duplicate Bug #20962: Disable autocomplete on LDAP account name added
#2
Updated by The Foreman Bot almost 5 years ago
- Status changed from New to Ready For Testing
- Assignee set to Tomer Brisker
- Pull request https://github.com/theforeman/foreman/pull/4854 added
#3
Updated by Anonymous almost 5 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset cdcb4a151d92d179a544c3a0be3cf7f632c50824.
#4
Updated by Marek Hulán almost 5 years ago
- Legacy Backlogs Release (now unused) set to 296
#5
Updated by Tomer Brisker almost 2 years ago
- Category changed from 218 to Users, Roles and Permissions
Fixes #19519 - Prevent autocomplete on LDAP account