WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 5 months ago

#35707 new defect (bug)

On installation page, autocompleted password should not be visible.

Reported by: smerriman Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.3
Component: Upgrade/Install Keywords:
Focuses: Cc:
PR Number:

Description

We have a development server where new installations of WordPress are regularly created on the same domain.

On the WP installation page, if you enter a username used elsewhere on the domain, the password field will be autocompleted if you have set the browser to remember it.

The fact the autocomplete occurs is not a problem - however, the password appears in plain text. If anybody else is watching the screen, seeing a brand new random password for a brand new installation is OK (and you can click hide and change it if necessary) - but seeing a saved password from elsewhere is not.

Autocompleted passwords should never appear in plain text. Removing autocomplete is one option, though some people may find it useful - but I think the ideal solution is that any changes to the password field should hide it automatically.

Change History (1)

#1 @mikeschroder
4 years ago

  • Version changed from trunk to 4.3
Note: See TracTickets for help on using tickets.