Jump to content
KiteLife Forum
kananga

Cart checkout form

Recommended Posts

Something that came up while using the kitelife checkout form just now:

I wasn't logged in to the root url of the cart checkout, kitelife.com/forum, so the checkout process was directed to the account signup form. My actual signup info was returned, populated in this form, including address, username, and password. This is concerning, being identifying info, and because ideally stored passwords shouldn't be retrievable. The password is displayed in html with type="password", which displays password characters as dots or asterisks. The characters are easily read by editing the html (right click the pw textbox, inspect, delete the [type="password"] argument). I deleted browser cookies, history, form fill data - the works, tried again, and got the same results, which rules out browser form fill and accidental session persistence. It's not related to google or facebook login recognition, I tested both of these in incognito.

Share this post


Link to post
Share on other sites

Very peculiar, first I’ve heard of any such issue - with no screen shot (sent to me privately) or way to replicate the issue, there’s no way for me to diagnose it.


Sent from my iPhone using KiteLife mobile app

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...