cancel
Showing results for 
Search instead for 
Did you mean: 
cbachmann312
Active Contributor

Missing autofill for http auth dialog

This is still unresolved. We pay as a company for a password manager which isn't able to fill basic/digest password prompts by at least one of the major browsers?

Even open source password manager extension are able to do it:

 


Maybe you can get some inspiration there?

@lastpass please explain at least why not and when this can be fixed?

This kind of authentication is still used by many admin interfaces and as of http digest auth (same problem as http basic)
there is no "insecurity" reason not to do so.

Thanks!

8 REPLIES 8
jpenny84
Respected Contributor

There's a phone number in the admin console the administrator can use to contact LastPass directly.
wallsdil566
New Contributor

Is this a supported feature?

Also not working for me on Firefox on macOS

LastPass Extension

Version: 4.44.0
Built: Tue Mar 17 2020 11:45:43 GMT+0100 (Central European Standard Time)
Binary Component: false
michacassola
New Contributor

Yes, this is a needed feature. Even the built in Chrome Password Manager has that function. Sad to have to go back to that one for this functionality!

cbachmann312
Active Contributor

I contacted lastpass support, as we got no response here.

The case is under review by their developers now:

Hello,

Thank you for your reply.

I got a response from our developers, so they said that it's been put under review and they have created a ticket in which they will be working on adding more authenticators. I'm attaching this ticket to your case so once it's resolved or developed we will let you know.

We appreciate your patience.



Best,

Support Specialist Tier 1 
LastPass
www.LastPass.com

Jas0n
New Contributor

So apparently my lastpass decided to suddenly auto-handle 'basic auth' requests today in Chrome. I guess the extension auto-updated... and this has totally borked me because it's trying to send the wrong user/pass!!!!

 

I was losing my mind wondering why I was just getting a http error of too many tries, then when I looked at my logs I saw that I was sending the wrong username dozens of times, even though I never got a popup in my browser.

 

After doing some diagnosing I traced it to lastpass causing the issue! WTF, first they don't have it handling basic auth popups for years, now they want to autofill with a randomly chosen account from the domain.

 

I can't find any way to disable this, even if I disable auto-fill it still does it. This is totally unacceptable and a major PITA... Either auto-fill the pop-up box, or do don't anything at all!!!!

cbachmann312
Active Contributor

Hopefully this is no global rollout.

Please contact the support directly, as they don't respond on here.

Looking forward to updates!

ian_m
New Contributor

Is there any update on this issue, please?  It's been a few months...

boringteacher
Active Contributor

I had a ticket started for this exact issue. After bouncing some emails back and forth, the resolution was that IT said that this is impossible - even though it works just fine with competitors' products. I even let them remote-in into my computer, so I could reproduce the basic auth autofill issue, as the rep screen recorded it.

 

Here was the latest update from that LastPass rep:

 

I have attach to this case number the screen recording I took on our phone conversation last week,I did share that recording with our engineers and after they watched it they explained me that the prompt or pop up screen is usually coming from the page itself, unfortunately we can't modify the page itself to accept our autofill option into it.  they suggested trying the context menu (right-click option) to see if it allows you that way.

 

If anyone knows which products are able to autofill basic auth prompts, please reply to this thread, so LastPass can get clued in.

 

Sidenote: even though this post is just plaintext with some italics, I kept getting this error:

Your post has been changed because invalid HTML was found in the message body. The invalid HTML has been removed. Please review the message and submit the message when you are satisfied.