Kitelife Subscriber
  • Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About kananga

  • Rank

Profile Information

  • Favorite Kite(s)

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Something that came up while using the kitelife checkout form just now: I wasn't logged in to the root url of the cart checkout, kitelife.com/forum, so the checkout process was directed to the account signup form. My actual signup info was returned, populated in this form, including address, username, and password. This is concerning, being identifying info, and because ideally stored passwords shouldn't be retrievable. The password is displayed in html with type="password", which displays password characters as dots or asterisks. The characters are easily read by editing the html (right click the pw textbox, inspect, delete the [type="password"] argument). I deleted browser cookies, history, form fill data - the works, tried again, and got the same results, which rules out browser form fill and accidental session persistence. It's not related to google or facebook login recognition, I tested both of these in incognito.