Jump to content
KiteLife Forum

kananga

Kitelife Subscriber
  • Posts

    1
  • Joined

  • Last visited

Everything posted by kananga

  1. Something that came up while using the kitelife checkout form just now: I wasn't logged in to the root url of the cart checkout, kitelife.com/forum, so the checkout process was directed to the account signup form. My actual signup info was returned, populated in this form, including address, username, and password. This is concerning, being identifying info, and because ideally stored passwords shouldn't be retrievable. The password is displayed in html with type="password", which displays password characters as dots or asterisks. The characters are easily read by editing the html (right click the pw textbox, inspect, delete the [type="password"] argument). I deleted browser cookies, history, form fill data - the works, tried again, and got the same results, which rules out browser form fill and accidental session persistence. It's not related to google or facebook login recognition, I tested both of these in incognito.
×
×
  • Create New...