Chrome password auto-fill breaking IPv6



  • This is really strange. I noticed recently that chrome is auto-filling the pfsense webgui username into Interfaces / WAN / DHCP Client Configuration / Reject leases from, resulting this error:

    The following input errors were detected:
    An invalid IP address was detected in the 'Reject leases from' field.

    This prevents the IPv6 gateway from starting. In years of running pfsense, I've never seen this behaviour. The only way I could prevent this from happening was to remove the webgui username and password from the list of credentials being stored by chrome. Is there any other work-around?


  • LAYER 8 Netgate

    Probably stopping your browser from erroneously-filling form fields is the best way forward.



  • @Derelict Sure, I'll give the chrome developers a call and tell them to get on it right away.


  • LAYER 8 Netgate

    You can turn it off without that. Not sure it's pfSense's job to play whack-a-mole with the all of the browsers' auto-fill plus all of the password extension auto-fill and every possible combination of the same.

    It is Chrome erroneously-filling the field. How is it that you perceive that to be pfSense's problem to fix?

    The fact that chrome is filling fields you don't want filled in a web page you don't want them filled into - especially a username and password - and it is not obvious to you that this is happening - means disabling that "feature" in the browser might be prudent.



  • @Derelict I asked if there was a work-around other than disabling auto-filling of the pfsense webgui username and password. Not sure where you took the leap that I was saying it was a pfsense problem. Since this didn't happen before, either something changed in chrome or in the webgui. I posted here to see if anyone else was encountering this.



  • @bimmerdriver : I don't want to 'leap' neither, but I'm pretty sure that most of us that reply questions here, do not use Chrome. This makes the problem less known ^^

    A solution would be : dig onto the settings of Chrome, and find the list with all the URL that have a user/password, then just 'reset' what has been stored.
    Automatic user/password fill in works pretty the same for all browser : if the URL matches and a html keywords like user and password or pass-word or pass are all present on the same page, then the browser presume that the filled in text might be a user/password pair, and proposes you to save it (adding to the list).
    btw : Auto-filling is a pure browser thing.

    Also : remember : Chrome has a default plugin that isn't shown - and can't be deactivated , and has access to all the pages you visit, info you type, etc : Google. I have to say right away that I somewhat trust Google ... but the day they 'brake' we'll be in for some big headlines.


  • LAYER 8 Global Moderator

    As per Derelicts spot on advice, I use lastpass, and it trying to do what it does can cause slow downs in the web gui on some pages.

    So what I do is tell lastpass to ignore or not do anything on those pages of the gui. But allow it to autofill in the login page..

    For some reason the lastpass script will hang the browser up for some time on the interface page of the gui, so I had to tell lastpass to not do anything ever on that page.

    example
    lastpass.png

    How that is done in chrome have no idea, I don't use it very often. But I don't see how chrome filling in stuff it shouldn't be has anything to do with pfsense.. How do you suggest pfsense stop chrome from doing that exactly?


  • LAYER 8 Moderator

    @johnpoz said in Chrome password auto-fill breaking IPv6:

    How do you suggest pfsense stop chrome from doing that exactly?

    You can't (restrict it to a single page only). You can either turn on auto-form-filling or off. It does an "educated guess" with type, id and name (I suppose) of the HTML forms and if one or two are something like "id/user/pass/whatever" it gets pasted in. Sometimes helpful (complete address block or sth alike) but encountered many pages in pfSense pages, that it trigger-happy jumps to conclusions.

    But I can't see why "dhcprejectfrom" would trigger its list for username. Perhaps an address entry but that's far away from any username matching.

    What you can is modifiy the "don't save for..." list so it won't show up with password suggestions. But that is domain-wide. Other than that you only have payment or autofill settings left, but as OP states, that it autofills username/pass, those other two aren't the culprits.


  • LAYER 8 Global Moderator

    My point exactly - what does the OP think pfsense could do to keep chrome from jumping to conclusions about form boxes? Its not like the forms fields are all labeled username and password ;)

    The OP had the right idea, but pretty sure it was meant as sarcastic response ;) hehehe

    I'll give the chrome developers a call and tell them to get on it right away.


  • LAYER 8 Moderator

    Actually I just checked: seems a Chrome "bug" to me. Besides the "autofilling" being annoying, filling that field makes no sense. If you go to System>Advanced>Misc it fills out the Proxy User/Pass but that actually makes some sense. Don't like the autofill without questioning thing.

    But got one step further and tested with other Chromium forks. E.g. Opera: asks for PW safe, and offers to insert in the System>Adv.>Misc but doesn't autofill. The DHCP Reject form field is ignored completely (won't even offer to save or autofill) so it's definetly something special to Chrome or specific chromium branches.



  • @johnpoz said in Chrome password auto-fill breaking IPv6:

    My point exactly - what does the OP think pfsense could do to keep chrome from jumping to conclusions about form boxes? Its not like the forms fields are all labeled username and password ;)

    The OP had the right idea, but pretty sure it was meant as sarcastic response ;) hehehe

    I'll give the chrome developers a call and tell them to get on it right away.

    Again, where did I say it was a pfsense problem?


  • LAYER 8 Global Moderator

    Your in the pfsense webgui section...

    Where you should be is your browser of choice forums asking them for how to stop it from filling in shit it shouldn't be filling in... There is NOTHING pfsense can do to stop your browser from doing that!

    You have already been given your "work arounds"

    Use a different browser, disable its auto fill feature.



  • @johnpoz said in Chrome password auto-fill breaking IPv6:

    Your in the pfsense webgui section...

    Where you should be is your browser of choice forums asking them for how to stop it from filling in shit it shouldn't be filling in... There is NOTHING pfsense can do to stop your browser from doing that!

    You have already been given your "work arounds"

    Use a different browser, disable its auto fill feature.

    Again, not clear how you jumped to conclusion that I was implying this is a pfsense problem solely on the basis that I was posting in the webgui section. What other section would I post a question about the webgui in?


  • LAYER 8 Global Moderator

    It has ZERO to do with pfsense or its gui... Again you should be on your browsers of choice forums..

    Or in the general section.. What your browser autofills has zero to do with pfsense gui at all.

    Derelict has already completed this thread to be honest..

    Do you think there is some code pfsense could put on its forms to tell chrome not to fill them?


  • LAYER 8 Moderator

    @johnpoz said in Chrome password auto-fill breaking IPv6:

    Do you think there is some code pfsense could put on its forms to tell chrome not to fill them?

    Actually there is. You can set autocomplete="xy" on a form field to signal browsers to stop form-filling or how they should handle them. BUT it also states clearly, that id/names of those fields should be pretty specific to trigger that. The field in question is "dhcprejectfrom" and I can't see how in the hell that should be a trigger to inject a "name" field in it. So either Chrome reads the form name and that triggers it or it's completely bonkers.

    My 2c would be to actually stop password-filling/-saving in/from any browser and use a password safe (like keepass) and if you're lazy an extension for your favourite browser to have it fill your login forms after asking. Most extension that does so (lastpass for their service, kee/vault for keepass, etc.) have a much better matching algorithm or configuration on which sites they offer and on which the don't allow to fill in. I'm using a combo of auto-type or "kee" (extension) with keepass for years. Best thing ever. And inter-operable if you ever switch browsers for testing etc.


  • LAYER 8 Netgate

    I gave up on all of that browser plugin junk a couple years ago and now use the Lastpass mac application and copy/paste everything. They have made it pretty easy, I think in part due to my feedback. :)

    This has the added benefit of being the same workflow for everything - even if it is not in the browser (or is in a secondary browser for testing reasons, etc).


  • Netgate Administrator

    If it's auto-filling a value in that field that value is stored somewhere and you should be able to remove it from Chrome.

    I use Chromium all the time and have never hit that issue. The proxy pass/username auto-fill is very annoying though.

    Steve


Log in to reply