Auto-submit login forms not working on certain pages

keepassxreboot / keepassxc-browser

KeePassXC Browser Extension

GNU General Public License v3.0

1.76k stars 187 forks source link

Auto-submit login forms not working on certain pages #1398

Open yennor opened 3 years ago

yennor commented 3 years ago

On certain pages, especially online banking, the "auto-submit login forms" settings doesn't work. It is recognized as wrong login, and you get redirected to the login page. Maybe the click on the submit buttons happens to quickly, so other scripts which should be executed after the password was entered don't have time to finish? I really don't know. Problems do have for example (There are more, but I don't remember them righ now)

https://www.comdirect.de/
www.bahn.de (only when it asks for the login during an order process)

Expected Behavior

The login should work ;-)

Current Behavior

The login doesn't work on some pages. The username and password have to be entered by hand, or the "auto-submit login forms" setting needs to be disabled

Possible Solution

Maybe wait a short time before submiting?
Give the possibility to disable auto-submit for certain pages

Debug info

KeePassXC - 2.6.2 KeePassXC-Browser - 1.7.9.1 Operating system: Linux Browser: Firefox

varjolintu commented 3 years ago

You can already disable Auto-Submit for certain entries from KeePassXC or certain sites using extension's Site Preferences setting.

yennor commented 3 years ago

took me a bit to find it and took me a while to find out I can use wildcards "*" there. It would be good that in the settings where you activate "Auto-submit login forms" to mention where you could disable it for single sites.

But even better would be if it would be possible to find out why auto submit doesn't work. But I guess that's not an easy one?

varjolintu commented 3 years ago

I haven't checked those sites yet, but it's possible that the submit button is not detected correctly, thus the login fails.

varjolintu commented 3 years ago

First of those sites use a element for the login button, which is not part of the form's input elements even if it's inside the form element.

The second site orders the submit button so that the actual submit button is not last in the list even if it's last on the HTML page. Fixing those are going to be very tricky, and possibly not worth the effort.

Tinsus commented 1 year ago

a have a similar problem on my Synology DSM (Demo: https://demo.synology.com/en-uk/dsm).

with correct login and autosubmit it submits the credentials as GET-Parameters instead of the correct POST-parameters. The DSM dosnt listen to the GET, to it refuses the login.

On other pages this can be an security issue, thou may the login credentials are logged within the URL-parameters on the server-log files

foss- commented 9 months ago

Ran into the problem with https://comdirect.de or rather their login form on https://kunde.comdirect.de Disabling auto-submit does allow for a successful login. This is done by opening the entry and going to Browser Integration and ticket the option Skip Auto-Submit for this entry. Which banking website wouldn't behave so annoyingly and allow proper usage of password managers.