I’ve been changing passwords at important websites today. One site showed me an error page when I attempted to change the password. On this error page, it requests the current password to let me retry. When I used rightclick → Bitwarden → autofill to try to fill in my current password, instead of the bank’s id it shows my Google id’s (yes I have 5 Google accounts).
Seems like a bug in the Bitwarden extension. The domain in the browser address bar is usbank.com, but the Bitwarden browser extension thinks it’s Google. If I click the Bitwarden icon at the top, it does give me the correct entry for usbank.com.
I’m using Windows 10 and Microsoft Edge.
Interesting. Does this happen on the login form, as well, or only on the password change form?
Would you mind sharing what URIs you have saved for the usbank.com login item in your vault, and what the match detection option is for each of them? If any (or all) URIs use the Default match detection rule, please also share what setting is configured for your default match detection method.
Finally, if you have ever made changes to the Global Equivalent Domains (or defined Custom Equivalent Domains) in your Account Settings, please provide the relevant details.
P.S. Welcome to the forum!
Thanks for your reply.
It does not happen on the login form. It does not happen on the initial password change form
The screenshot in the OP shows a much shorter URL https://onlinebanking.usbank.com/errorPage which occurred after an unspecified failure in changing the password on the initial password change form. It is the only page where I’ve observed the incorrect Bitwarden behavior. In trying to reproduce the problem to make this reply, I’ve been unable to reach that specific error page (any error in changing the password stays on that longer initial URL). I’ve also been unable to change my usbank password at all today for reasons I don’t understand that seem unrelated to Bitwarden. There may be some funky stuff happening with the usbank web app today.
My vault entry for usbank is https://usbank.com/ with no other URIs. It uses Default Match Detection. In Settings, Default URI Match Detection is set to Base Domain. I have no Custom Equivalent Domains and AFAIK have never modified the Global Equivalent Domains.
Thanks for providing the additional information.
It’s a very odd problem you’ve found, for sure. I’m wondering if the USBank “error” page was serving some content from a Google server in an embedded iframe, and that this may have confused the Bitwarden matching algorithm?
What URIs are stored in the five Gmail login items in your vault? (in particular, what base domains are stored there, assuming you have the matching set to Default for those as well?)? Is it just google.com?
If you ever encounter this behavior again, I would suggest saving the HTML code of the web page, so that it can be examined later.
All my Google account URIs are simply www.google.com or accounts.google.com
I’ll be trying again in a day or two to change my password at that site. I’ll first try it the same way to see if this problem recurs. If so I will definitely grab the web page source. I’ll also peek at the developer tools window. But I won’t spend too much more time on it as my real goal here is to get that password changed, so I’ll probably search for their “I forgot my password” link which should take care of it for me.