Unsecure Form warning on a secure form

24 views
Skip to first unread message

antho...@velresco.com

unread,
Dec 14, 2020, 12:39:59 PM12/14/20
to securi...@chromium.org

Hi,

 

For an internal business app we are getting the following warning on chrome:

 

But as far as we can tell we use https on the form, so not sure why we are getting the warning?

 

<form class="login" action="https://www.velresco.com/portal/login" method="post">

    <table><tbody><tr>

        <th><label for="email">Email:</label></th>

        <td><input type="text" autocomplete="username email" name="email" id="email" value=""></td>

        <td></td>

        </tr><tr>

        <th><label for="pwd">Password:</label></th>

        <td><input type="password" autocomplete="current-password" name="pwd" id="pwd"></td>

        <td><input type="submit" name="submit" class="small" value="Log In"></td>

   

    </tr><tr><th></th>

    <td><span class="em"><a href="https://www.velresco.com/portal/forgotpwd">Password Reminder</a></span></td>

    <td></td></tr>

    </tbody></table>

</form>

 

It’s an old piece of code, so it sits the form in a table , is that a problem?

 

Regards,
Anthony

 

 

 

Anthony Guy

Director

+44 (0)7581 425392 | +44(0)2920 499 956

www.velresco.com

 

velresco-logo-h

 

Registered Office: Velresco Group Ltd, 7 East Ridge View, Garforth, Leeds, LS25 2PN

Registered in England, Registered number: 07893929. VAT number: 994980937

 

The contents in this email and any attachments are strictly confidential.  They may not be disclosed to someone who is not a named or authorised recipient.  They may also be subject to copyright.  Unauthorised disclosure, copying or use is prohibited.

If you receive this email in error, please notify the sender by replying using the words 'misdirected email' in the subject and then delete the message and any attachments from your system.  Although this email and any attachments have been scanned for viruses, this is not guaranteed.  The recipient(s) should therefore carry out any checks that they believe to be appropriate in this respect.

Please note that internet email is not 100% secure.  You must either accept this lack of security when emailing us and/or when relying on the contents of this email or you must take such steps as you consider necessary to protect yourself and any ultimate recipient of this email or of the information contained in this email.

 

Cloud based engagement products, brought to you by Velresco:

 

image001.jpg
image002.png
image003.png
image004.png

Emily Stark

unread,
Dec 14, 2020, 12:49:51 PM12/14/20
to antho...@velresco.com, security-dev
Hello,
We are currently investigating this and you can follow this bug for updates: https://bugs.chromium.org/p/chromium/issues/detail?id=1158169
If your server redirects the form submission to an insecure http:// URL, that may be the cause of the warning, so you might want to check that the entire request including any redirects is sent over https://.
Emily

--
To unsubscribe from this group and stop receiving emails from it, send an email to security-dev...@chromium.org.
Reply all
Reply to author
Forward
0 new messages