Cart checkout form

Recommended Posts

Something that came up while using the kitelife checkout form just now:

I wasn't logged in to the root url of the cart checkout, kitelife.com/forum, so the checkout process was directed to the account signup form. My actual signup info was returned, populated in this form, including address, username, and password. This is concerning, being identifying info, and because ideally stored passwords shouldn't be retrievable. The password is displayed in html with type="password", which displays password characters as dots or asterisks. The characters are easily read by editing the html (right click the pw textbox, inspect, delete the [type="password"] argument). I deleted browser cookies, history, form fill data - the works, tried again, and got the same results, which rules out browser form fill and accidental session persistence. It's not related to google or facebook login recognition, I tested both of these in incognito.

Share this post

Link to post
Share on other sites

Very peculiar, first I’ve heard of any such issue - with no screen shot (sent to me privately) or way to replicate the issue, there’s no way for me to diagnose it.

Sent from my iPhone using KiteLife mobile app

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now