Credit card filling is dangerously incorrect on Orbitz booking form

Hi, I just went to book a flight on Orbitz, and when I used the 1Password Chrome extension to fill my credit card information, it appeared to just fail to put the credit card number in the correct field. However, after I completed the booking I realized that 1Password had entered my cc number into the airline mileage rewards number field and the TSA Known Traveler number field. This is very bad because those fields are displayed in plain text in the receipt email! Please take a look; I hope the issue can be fixed. Also I think there's a more general issue here of filling fields that are not visible because they are not inside the current display area of the browser window. Ideally there would be some visual feedback that a field that you can't see has been modified.


1Password Version: 7.2.5
Extension Version: 4.7.3.90
OS Version: OS X 10.14.4
Sync Type: 1Password.com

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Greetings @ggilder,

    Can I just confirm we're talking about https://www.orbitz.com/ please. We'll happily investigate and file an issue as that is definitely not right at all.

  • ggilder
    ggilder
    Community Member

    Yes, that’s correct. I’d link to the page but you have to go through the process of booking a flight to get there.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @ggilder,

    That's fine, I anticipated the likely need to create a test account and make my way through until the payment form in order to test and file and this category of site means we should be able to easily do that. I just wanted to make sure of the address before starting :smile:

  • ggilder
    ggilder
    Community Member

    @littlebobbytables any update on this?

  • Hey @ggilder, I'm going to check in with @littlebobbytables and see where he's at with this. Thanks for your patience! :smile:

  • ag_michaelc
    edited June 2019

    @ggilder I'm looking into this now. :smile: Would you be able to share with me the type of credit card you filled as well as which airline's rewards this filled in?

    I just tested filling an American Express card with Air Canada and United as the two airlines, and the rewards number fields for those were not filled out with anything incorrectly. I will say it's entirely possible that, since I'm using 1Password 7.3 (and a slightly newer version of the extension, as well, 4.7.4.90), which was released after your original post, the newer filling "brain" included is being much smarter about things and the problem has incidentally been resolved. But to be safe, I'd still like to try to replicate this as best I can to your original scenario.

  • ggilder
    ggilder
    Community Member

    @ag_mcarlyle Sorry for the delay - the credit card I filled was a Visa, and the fields filled in were "Hawaiian Airlines HawaiianMiles" and "TSA Precheck" aka Known Traveler Number. Thanks, and let me know if you need any other info.

  • @ggilder and I'm sorry all the same for my late reply. :smile: Well, I'm afraid to say I'm not able to reproduce this issue on my end. Perhaps that's a good thing? I hate to put the onus on you, but would you be able to give things a mock go yourself and see if you're still seeing this now with 1Password 7.3.1? If you are and you're able to give me as exact steps to reproduce as possible (e.g., if you can give me start/end cities, etc., so I get a setup exactly the same), that'd be awesome, but if for privacy/other reasons you're unable, then I'd understand that of course.

    I'm also wondering, are there are any custom fields in your credit card item besides the standard fields like card number, name on card, CVV, etc.?

  • ggilder
    ggilder
    Community Member

    @ag_michaelc There aren't any custom fields in my credit card. Unfortunately I'm really busy for the next few weeks and won't have a chance to try it again. If you're unable to reproduce the issue I'm happy to consider this resolved. :smile:

  • :+1: We'll keep our eyes open on this, but I'm in agreement with you that we can consider this resolved for now. :smile:

This discussion has been closed.