limpkin
commented
2 years ago would you have a way for us to reproduce the issue... or possibly the name of the app you used?
Open Hypoon opened 2 years ago
limpkin
commented
2 years ago would you have a way for us to reproduce the issue... or possibly the name of the app you used?
Hypoon
commented
2 years ago I was using the "Travelers" app, a mobile app for an insurance company. The app is listed in Google Play as "Travelers Mobile", by "The Travelers Indemnity Company". https://play.google.com/store/apps/details?id=com.travelers.digitalservice I have not yet attempted to reproduce the issue, but I'll give it a shot and report back.
mathfactory
commented
2 years ago Thanks for the report! My first guess would be that this is a hashed version of the password computed by the app and we'd need to find out why we are getting this as the password. Could you please try enabling debug in the settings and search for log messages (with adb logcat) starting with: "Setting hint", "Ignoring hint" and "autofillable fields" after triggering autofill in the app? This should tell us a bit about what autofillable fields the app is offering to mooltifill.
I used mooltifill to save the login information for a certain app to my mooltipass. When showing the password on the mooltipass screen, or when having the mooltipass type it on a computer, it appears as:
{SHA}:ZZZZZZZZZZZZZ40HEXCHARSHEREZZZZZZZZZZZZZOf course, that is not my password.