You do find some wild shit when you do bug bounty 😅.

Client-side-only encryption and validation, autofill functionality commented out on password fields...

#BugBounty

@Crudge Autofill is a horrible "damned if you do.." situation. Every pentest I've seen run either flags "password managers can autofill" as a vulnerability, or it flags "passwords aren't allowed to autofill" as a vulnerability.
@jsmall It autofilled from the server side.
@Crudge Wait wat
@jsmall It was a flag switched to off, which just looked weird, so I flicked it on, typed in *, and it then autofilled the password for admin.