Security issue with autofilled passwords in AnkiWeb

Damien Elmes's Avatar

Damien Elmes

11 Nov, 2017 04:06 AM

A security flaw was discovered in AnkiWeb recently that made it possible for malicious shared decks to capture your AnkiWeb password if your browser was set up to automatically fill in your email and password on the login page.

The flaw has been fixed, and there is no evidence that any shared decks ever exploited this flaw. But out of an abundance of caution, if your browser automatically fills in your password when you visit the ankiweb.net login page, and you have studied shared decks with AnkiWeb in the past, you may want to change your password.

A big thank you to David Bailey for discovering this issue.

  1. Damien Elmes closed this discussion on 11 Nov, 2017 04:06 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac