[Bug] iOS Beta - Password Exposure on Screen - Login Screen
On the existing gold version in the app store (2.3.5), the Password (Credential) Autofill pops up for both email entry and password entry:
On the beta version, the password autofill is not available for the email entry only the password entry. Further tests revealed that I could successfully trick Cronometer into autofilling the email field with the password.
Here's the 2 different scenarios I tried, each time force closing the app between scenarios. I did not actually login for this test only tried different login combinations. I use 1Password for my credential storage.
1) Touch email field, autofill not available. Touch password field, autofill available. Touch credential autofill in grey and FaceID activates and successfully fills password text field.
2) Touch password field, autofill available. Touch credential autofill in grey and FaceID activates and successfully fills password text field. Touch email field, autofill stays available. Touch credential autofill in grey and FaceID activates and password is entered in the clear into the email text field.
iOS version: 12.1.3
iPhone 10S MAX
Thanks - Jeff Hunter
Comments
-
Thanks @PresenceGuy the framework we are using is cross platform, so we have to make sure those little things that just work on the native OS still work within the new framework. These types of bugs are very useful to us!
Spencer D.
cronometer.com
As always, any and all postings here are covered by our T&Cs:
https://forums.cronometer.com/discussion/27/governing-terms-and-disclaimer
