Lastpass fails to fill password
On the Login page of the firewall, Lastpass fails to fill the password into the password field, instead it fills in the "username" in both fields (username/password).
The issue is the name of the field:
<input type="password" name="emailInput" placeholder="Enter your password..." class="sw-textfield__wrapper__input sw-textfield__wrapper__input--with-icon-suffix sw-typo-field-value sw-flexbox__flex">
The name "emailinput" is the identical name for field Username and field Password.
Easy to fix I guess? It should work like that:
<input type="password" name="password" placeholder="Enter your password..." class="sw-textfield__wrapper__input sw-textfield__wrapper__input--with-icon-suffix sw-typo-field-value sw-flexbox__flex">
Here's the proof:
Answers
I also dislike how Sonicwalls recent login pages function (not because of a password manager), but I doubt they'll change it. You can try a feature request.
In this case it's clearly a bug, because all the other login pages like MSW, Cloud,etc. work as expected. Only the NSa shows this issue.
I'am not 100% sure how, but 1Password is able to handle a Gen7 login just fine. It shows userName and pwd as detected form fields.
--Michael@BWC
The issue is the name of the field:
<input type="password" name="emailInput" placeholder="Enter your password..." class="sw-textfield__wrapper__input sw-textfield__wrapper__input--with-icon-suffix sw-typo-field-value sw-flexbox__flex">
The name "emailinput" is the identical name for field Username and field Password.
This duplication of named fields would be especially problematic if some form of validation is occurring on the "emailInput" field. I can see where it should validate that it is a properly formatted email address (has an "@" and a "."). How that plays out when someone enters a more-or-less standard password is anyone's guess.
Oh, but wait, no one is complaining about that. So let me guess: There's NO validation on the email address field?!?
No, there's no such validation and frankly, the username doesn't have to be an email address IMHO. But I agree in general because no proper validation opens the gate to buffer overflows.