Security Issue: User password in the birthday field

Erassus Posted in Technical Support 2 years ago

Hi Community,

Today I was surprised to find a user in my production environment who has the password in the birthday field. I know we are all going to ask how this is possible, because I tried manually to reproduce that behavior and I can't.

I noticed that user was registered with the form, so it is not from Facebook login.

I suspect that the user probably has autofill, some plugin or something similar in her browser, because how else could this have happened?

Note: it is only that user; other new users are fine.
Note 2: I have disabled the tab showing gender, birthday and other details from the beginning, so other users can't see that information in her profile, but it is still a security issue.

Replies
Michael Zülsdorff Replied 2 years ago

I agree with Arsalan that autocomplete="off" would be the best solution for the registration form in general.
You may add a 'valid date' checker, yes, but this wouldn't prevent saving a password as first or last name by mistake :)

Arsalan Shah Replied 2 years ago

The only solution I see is autocomplete="off"

Erassus Replied 2 years ago

I think the same, Arsalan; it's probably a pre-fill from the browser itself and the user didn't notice it. But doesn't the birthday field have verification that the text is a date, either typed as numbers or picked from the calendar? I have enabled the 18+ years component too.

Arsalan Shah Replied 2 years ago

Just to ease you, Hugo: OSSN has no way of knowing the password in plain text :) So it's the user's browser somehow pre-filling the password in that field. Otherwise, OSSN has no way of knowing the password in plain text and doesn't know the actual password. It only compares hashes.
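The thread settles on two measures: autocomplete="off" on the registration form (Arsalan, Michael) and, as Michael notes, a 'valid date' checker that by itself would not stop the password being saved as a first or last name. The following is an added example, not OSSN code and not posted by anyone in this thread, of a server-side check that does both: it rejects a birthday that is not a real calendar date or is under the 18+ limit Hugo mentions, and it refuses to store any non-password field whose value is identical to the submitted password, which is the autofill failure mode the whole thread is about. The field names, the YYYY-MM-DD date format and the sample submission are assumptions constructed for the example.

```python
from datetime import date

# Constructed sample submission (not real data): the browser has autofilled
# the password into the birthday field, which is the situation in the thread.
SAMPLE_SUBMISSION = {
    "first_name": "Jane",
    "last_name": "Doe",
    "email": "jane@example.test",
    "birthday": "Hunter2!2023",   # constructed: a password that landed in the date field
    "password": "Hunter2!2023",
}

MIN_AGE_YEARS = 18  # the thread mentions an 18+ years component on the form


def parse_birthday(value, today=None):
    """Parse an assumed YYYY-MM-DD form value; return a date, or None if it is
    not a real calendar date or lies in the future."""
    try:
        parsed = date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None
    today = today or date.today()
    if parsed > today:
        return None
    return parsed


def years_between(born, today):
    """Whole years from `born` to `today`, counting a birthday only once reached."""
    years = today.year - born.year
    if (today.month, today.day) < (born.month, born.day):
        years -= 1
    return years


def validate_registration(fields, today=None):
    """Return a list of error strings; an empty list means the submission may be stored.

    `today` is injectable so the age check is deterministic in tests."""
    today = today or date.today()
    errors = []
    password = fields.get("password", "")

    # 1. The 'valid date' check: garbage or a password is not a date.
    born = parse_birthday(fields.get("birthday", ""), today)
    if born is None:
        errors.append("birthday: not a valid calendar date")
    elif years_between(born, today) < MIN_AGE_YEARS:
        errors.append(f"birthday: must be at least {MIN_AGE_YEARS} years old")

    # 2. The check Michael's objection calls for: whatever field the browser
    #    autofilled, never persist a value equal to the password itself.
    if password:
        for name, value in fields.items():
            if name != "password" and isinstance(value, str) and value.strip() == password:
                errors.append(f"{name}: value matches the password; refusing to store it")

    return errors


if __name__ == "__main__":
    for problem in validate_registration(SAMPLE_SUBMISSION):
        print(problem)
```

The second check is cheap because the plain-text password is available at registration time only, before it is hashed; once the account exists the server can no longer compare anything against it, which is exactly the point Arsalan makes above. Pair this with autocomplete="off" on the form, since the server-side check can only reject the submission, not stop the browser from filling it in.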