LastPass fails to fill password

Thomas_Buergis Enthusiast ✭✭
edited October 2021 in Mid Range Firewalls

On the login page of the firewall, LastPass fails to fill the password into the password field; instead, it fills in the "username" in both fields (username/password).

The issue is the name of the field:

<input type="password" name="emailInput" placeholder="Enter your password..." class="sw-textfield__wrapper__input sw-textfield__wrapper__input--with-icon-suffix sw-typo-field-value sw-flexbox__flex">


The name "emailinput" is the identical name for field Username and field Password.


Easy to fix I guess? It should work like that:

<input type="password" name="password" placeholder="Enter your password..." class="sw-textfield__wrapper__input sw-textfield__wrapper__input--with-icon-suffix sw-typo-field-value sw-flexbox__flex">


Here's the proof:



Answers

  • TKWITS Community Legend ✭✭✭✭✭

    I also dislike how SonicWall's recent login pages function (not because of a password manager), but I doubt they'll change it. You can try a feature request.

  • Thomas_Buergis Enthusiast ✭✭

    In this case it's clearly a bug, because all the other login pages like MSW, Cloud, etc. work as expected. Only the NSa shows this issue.

  • BWC Cybersecurity Overlord ✭✭✭

    I'm not 100% sure how, but 1Password is able to handle a Gen7 login just fine. It shows userName and pwd as detected form fields.

    --Michael@BWC

  • Larry All-Knowing Sage ✭✭✭✭

    The issue is the name of the field:

    <input type="password" name="emailInput" placeholder="Enter your password..." class="sw-textfield__wrapper__input sw-textfield__wrapper__input--with-icon-suffix sw-typo-field-value sw-flexbox__flex">

    The name "emailinput" is the identical name for field Username and field Password.


    This duplication of named fields would be especially problematic if some form of validation is occurring on the "emailInput" field. I can see where it should validate that it is a properly formatted email address (has an "@" and a "."). How that plays out when someone enters a more-or-less standard password is anyone's guess.

    Oh, but wait, no one is complaining about that. So let me guess: There's NO validation on the email address field?!?

  • Thomas_Buergis Enthusiast ✭✭

    No, there's no such validation and frankly, the username doesn't have to be an email address IMHO. But I agree in general because no proper validation opens the gate to buffer overflows.
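
Added example (not part of the thread and not SonicWall's code): a small Node.js lint that flags the duplicated field name reported in the first post. It goes one step beyond the thread by also flagging password inputs without a standard HTML `autocomplete` hint. The sample markup is constructed: the password field follows the quoted tag with its class attribute omitted, and the username field is assumed from the post's description.

```javascript
// Constructed sample: the password field mirrors the tag quoted in the first post
// (class attribute omitted); the username field is an assumption based on the post.
const SAMPLE_FORM = `
<form>
  <input type="text" name="emailInput" placeholder="Enter your username...">
  <input type="password" name="emailInput" placeholder="Enter your password...">
</form>`;

// Parse the attributes of every <input> tag into plain objects (no DOM needed).
function parseInputs(html) {
  const inputs = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let m;
    while ((m = attrRe.exec(tag)) !== null) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
    }
    inputs.push(attrs);
  }
  return inputs;
}

// Report credential fields that share a name (compared case-insensitively, since the
// thread writes both "emailInput" and "emailinput") and password fields that carry
// no autocomplete hint such as "current-password".
function lintLoginForm(html) {
  const findings = [];
  const byName = new Map();
  for (const input of parseInputs(html)) {
    const type = (input.type || "text").toLowerCase();
    if (!["text", "email", "password"].includes(type)) continue;
    const key = (input.name || "").toLowerCase();
    if (!byName.has(key)) byName.set(key, []);
    byName.get(key).push(type);
    if (type === "password" && !/password/.test(input.autocomplete || "")) {
      findings.push(`password field "${input.name}" has no autocomplete hint`);
    }
  }
  for (const [name, types] of byName) {
    if (name && types.length > 1) {
      findings.push(`name "${name}" is shared by ${types.length} fields (${types.join(", ")})`);
    }
  }
  return findings;
}

console.log(lintLoginForm(SAMPLE_FORM));
```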
