[Bug] iOS Beta - Password Exposure on Screen - Login Screen

On the existing gold version in the app store (2.3.5), the Password (Credential) Autofill pops up for both email entry and password entry:

On the beta version, the password autofill is not available for the email entry only the password entry. Further tests revealed that I could successfully trick Cronometer into autofilling the email field with the password.

Here's the 2 different scenarios I tried, each time force closing the app between scenarios. I did not actually login for this test only tried different login combinations. I use 1Password for my credential storage.

1) Touch email field, autofill not available. Touch password field, autofill available. Touch credential autofill in grey and FaceID activates and successfully fills password text field.

2) Touch password field, autofill available. Touch credential autofill in grey and FaceID activates and successfully fills password text field. Touch email field, autofill stays available. Touch credential autofill in grey and FaceID activates and password is entered in the clear into the email text field.

iOS version: 12.1.3
iPhone 10S MAX

Thanks - Jeff Hunter

Comments

Sign In or Register to comment.