Response to a post contains my password

  • #1009592

    I posted a response to the following WordPress blog post (reply #4)

    http://genehughson.wordpress.com/2012/09/11/reduce-reuse-recycle/

    Upon posting, it prompted for authentication (as expected), and I entered the URL for my WordPress blog and my password. Much to my shock and disappointment, the response was posted with a link to my blog, using my password in the text.

    I’ve posted responses to many sites, and have never seen such blatant disregard for password security before. What is going on here? This should never have happened!
    Blog url: http://charliealfred.wordpress.com/

    The blog I need help with is charliealfred.wordpress.com.

    #1009716

    thegiddygoat
    Member

    I don’t see any sign of your password being shown on that post URL you have given. It looks a decent enough blog to me. Your name links to your blog, but that is not something devious by the blogger whose blog you left a comment on. You seem to be wrongly accusing someone of something they haven’t done.

    #1009717

    genehughson
    Member

    Charlie contacted me right after it happened and I edited the comment to remove it. I don’t think he’s inferring that I did something nefarious, more that there was some issue with the WordPress code.

    #1009718

    thegiddygoat
    Member

    Oh I see. So the password DID show?

    #1009719

    thegiddygoat
    Member

    I’ll tag this for staff as that’s definitely something that should never happen. Sorry I misunderstood as I saw no password.

    #1009720

    genehughson
    Member

    It did…the name field contained his password and username (Charlie, correct me if I got the order wrong) concatenated. The body of the comment and the other fields were as expected.

    #1009721

    thegiddygoat
    Member

    OK thanks for that info. I’ve tagged this for staff to help now.

    #1009728

    Gene is correct. The original text displayed for my blog URL took the form

    <password><WP user name>

    When I noticed it, I didn’t have any way to delete the post or modify the URL. As a result, I changed my WP password, let Gene know, and posted the original topic entry.

    Gene (blog owner) was able to edit my password out of the blog URL.

    This is why it doesn’t show up anymore.

    Thanks,
    Charlie

    #1009735

    jenia
    Member

    Hi Charlie, I am sorry your password got exposed and I am glad that you and Gene were able to quickly make the necessary changes to protect your privacy.

    I looked at our recent support requests, and I did not find any similar cases reported recently. I did notice while trying to reproduce your issue on my test blog that the fields under the commenting form ask for the following three items: 1) email, 2) name, 3) website. When you visit http://genehughson.wordpress.com/2012/09/11/reduce-reuse-recycle/ again (while logged in), do you see those three fields? Do you think it’s possible that you accidentally entered your password into the “website” field?

    #1009736

    justjennifer
    Moderator

    @jenia according to what the OP says above, he entered his password as a part of authentication.

    #1009739

    jenia
    Member

    @justjennifer: right, I read that. Double-checking since the reply form can sometimes be confused with an authentication form (which may or may not be the case for Charlie). At the same time, I am unable to reproduce and don’t see similar reports from other users, so there is a chance that this is a user error.

    @charliealfred: Charlie, just to make sure, which browser/operating system are you using? Have you posted comment replies since then, and if you did, did you have to log in and did the same issue occur again?

The topic ‘Response to a post contains my password’ is closed to new replies.