Product Communities
Sign In Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Getting started | Community guidelines
Announcements

For more information about the LastPass security incident please visit our blog

sebdelp
New Contributor

Firefox : password is displayed human readable when lastpass extention is used

Hi

I've got firefox 104.0.1 64bits + lastpass extention v4.81.0.3. I do  not use any other password manager extensions.

 

When I open firefox and I try to login to several university digital services, I experience a strange issue that makes my password visible on the screen.

 

The page used for the login is actually built with CAS from https://github.com/apereo/cas (a system that manages identity). In the following explanation I will refer to this webpage as webmail login but the same occurs with any other univ service that uses that identity authentification webpage (i.e. all our tools requires to login through this webpage prior usage).

 

I conducted some experimentation to understand this "bug":

1) when lastpass is not active (i.e. I did not login into my lastpass extention) : firefox seems to have stored the password of my webmail login as well :  login&password are automatically filled by firefox. As lastpass is not active, it can only be firefox that entered the info. In that case, the  password is HIDDEN by some stars (expected behavior).

 

2) If lastpass is active (i.e. i logged into my lastpass extention) and some other conditions (see below): the login & password is automaticalled filled in BUT the password is displayed : instead of seeing some "stars" the password is human readable. I can then click on the sticked "eye" icon at the right of the password to hide it.

 

The worst thing is that I'm not able to determine condition to predict when the password will be hidden or displayed. It seems a little bit random. For sure, this only happens when I'm logged into my lastpass extention.

I noticed that, once the password is displayed clearly, if I reload the page it becomes hidden by stars (and remains hidden regardless the number of times I refresh the page).

If, when I go to the webmail interface, if the password is hidden, if I do not log in  by just browsing to some other website (i.e. I left the webmail to browse another website), when I go back to the original webmail login page, the password may eventually becomes displayed (not all the time, but randomly).

 

So is this a known bug. Is there anything to remove this annoying issue.

NB : why is this an issue. Yesterday, while teaching with my student and use a video projector to display my screen to the audiance, I wanted to show them how to use Moodle (one of our univ digital tool) and due to this bug, I displayed my password to all my students!

 

Thanks for your help

‎09-07-2022 02:43 AM
0 Kudos
Reply
1 REPLY 1
Rebecca_S
LastPass Contributor
LastPass Contributor

Re: Firefox : password is displayed human readable when lastpass extention is used

Hi @sebdelp, thank you for sharing the below information. 

 

Based on our save & fill implementation, LastPass would not determine whether a password would be hidden or shown on a specific website. We respond to the HTML itself, however, we do not actively change the website input elements. 

 

I'll share your examples with the development team as well.  

‎09-07-2022 02:21 PM
0 Kudos
Reply
About Us
Terms of Service
NEW Privacy Policy
Trademark
© 2023 LogMeIn, Inc. All Rights Reserved