mooltipass / extension

GitHub Repository Dedicated to our Cross Browser Extension
MIT License

Autofill and submit credentials with card removed #118

Open ai212983 opened 2 years ago

ai212983 commented 2 years ago
  1. Go to some website with login form
  2. Add username/password to Mooltipass, enable autosubmit
  3. Refresh the page if necessary, observe auto-login
  4. Remove card from Mooltipass
  5. Logout from the website
  6. Probably redirected to login page, if not, navigate to login page.
  7. Observe auto-login with Mooltipass without card

Cannot provide a specific site, as it's Artifactory on our internal network. Looks like a huge security problem to me. No way the password should be in the system once the card is not in the device.

N.B. Looks related to https://github.com/mooltipass/extension/issues/52 and credentials caching

limpkin commented 2 years ago

Thanks for the report! We'll update the extension ASAP to tackle that.

limpkin commented 2 years ago

We still haven't forgotten this issue :). FYI, this is due to our 30-second credential buffer dedicated to that very tab (no other), so the problem is limited.
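The behaviour discussed in this thread, as an added example that is not the Mooltipass extension's own code: a per-tab credential buffer with a 30-second lifetime that is also emptied the moment the card is reported removed. The class, method names, the card-status callback and the sample origin are all hypothetical.

```javascript
// Added example: hypothetical per-tab credential buffer, not the extension's code.
const BUFFER_TTL_MS = 30 * 1000; // the 30-second window mentioned in the thread

class TabCredentialBuffer {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be tested
    this.entries = new Map();  // tabId -> { origin, login, password, expires }
    this.cardPresent = false;
  }

  // Called when the device has returned credentials for a tab's login form.
  store(tabId, origin, login, password) {
    if (!this.cardPresent) return false; // never buffer without a card inserted
    const expires = this.now() + BUFFER_TTL_MS;
    this.entries.set(tabId, { origin, login, password, expires });
    return true;
  }

  // Called from the device status handler (assumed event source).
  onCardStatus(present) {
    this.cardPresent = present;
    if (!present) this.entries.clear(); // card removed: drop every buffered secret
  }

  // Called before autofill/autosubmit; returns null when nothing may be filled.
  lookup(tabId, origin) {
    const e = this.entries.get(tabId);
    if (!e) return null;
    const usable = this.cardPresent && e.origin === origin && this.now() < e.expires;
    if (!usable) { this.entries.delete(tabId); return null; }
    return { login: e.login, password: e.password };
  }
}

// Constructed scenario mirroring the report: log in, remove card, revisit login page.
function replayReport() {
  let clock = 0;
  const site = "https://artifactory.example"; // constructed origin
  const buf = new TabCredentialBuffer(() => clock);
  buf.onCardStatus(true);
  buf.store(7, site, "alice", "constructed-password");
  const beforeRemoval = buf.lookup(7, site) !== null;
  clock += 5000;            // 5 s later, still inside the 30 s window
  buf.onCardStatus(false);  // step 4 of the report: card removed
  const afterRemoval = buf.lookup(7, site) !== null;
  return { beforeRemoval, afterRemoval };
}
```

Tying the buffer's validity to card presence, not only to the timer and the tab, is what closes the window described in the report.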