WordPress 4.3.1 password reset on user form submit

[LordSpackolatius]

In WordPress 4.3.1, there is a new bug that occurs whenever you edit a user profile.
Even when not setting a new password, the form generates and saves a new random password. We locked ourselves out of our own WP site 3 times now until we found the bug. Every time we received a password reset notification via email.
Please fix this asap, as other administrators might face the same problems.

Sincerely, MZ

[SergeyBiryukov]

Hi @LordSpackolatius, welcome to Trac!

I could not reproduce the issue. Does it still happen with all plugins disabled and a default theme (Twenty Fifteen) activated?

[dikiy_forester]

I was able to partly replicate this issue. In my case password wasn't changed, but each time after update profile I recieved "Notice of Password Change" email.

The problem is in web browser's autofill password option. So browser filled the pass1 profile form field with my current password. Changing browser or disabling "autofill password" option resolves the issue.

My testing installation:

1. WordPress 4.3.2-alpha
2. Theme 2015
3. no plugins activated
4. Google Chromium ver. 45.0.2454.101

Looks like it's browser issue, but anyway WordPress should prevent such behaviour.

[SergeyBiryukov]

Moving for investigation.

[adamsilverstein]

Duplicate of #33699.

[adamsilverstein]

@dikiy_forester & @LordSpackolatius: The patch on #33699 should resolve this issue. Help appreciated if if you are able to reproduce and can test the patch.

Thanks for the bug report!

[LordSpackolatius]

Hello everybody,
Sorry for not participating in the bug report after having submitted it but I got really sick (still am), the kind of sick that forces you to stay in bed for a whole week.
I will test this the next time I'm in office.
Thanks for the great response, i really appreciate this.
And yes this occurred on a clean WP installation.