SOLVED

We've detected an insecure login form

%3CLINGO-SUB%20id%3D%22lingo-sub-1044634%22%20slang%3D%22en-US%22%3EWe've%20detected%20an%20insecure%20login%20form%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1044634%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20pop%20up%20below%20is%20displayed%20when%20I%20login%20to%20certain%20sites.%20It%20seems%20to%20be%20something%20that%20started%20recently%2C%20but%20I%20can't%20say%20for%20sure.%20It%20mentions%20LastPass%2C%20which%20I'm%20using%2C%20but%20I%20can't%20find%20this%20message%20associated%20with%20LastPass%20and%20I%20don't%20get%20this%20pop%20up%20on%20the%20%22old%22%20Edge%20browser%2C%20just%20the%20chrome%20version%20(%3CSPAN%3EVersion%2080.0.334.4%20(Official%20build)%20dev%20(64-bit))%3C%2FSPAN%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20URL%20on%20the%20address%20bar%20has%20https%2C%20and%20the%20message%20has%20a%20different%20address%2C%20passport.aliexpress.com%20vs%20the%20URL%20of%20%3CA%20href%3D%22http%3A%2F%2Fwww.aliexpress.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ewww.aliexpress.com%3C%2FA%3E.%20I'm%20assuming%20that%20is%20their%20authentication%20server.%20I%20traced%20the%20requests%20in%20F12%20network%20tab%20and%20don't%20see%20anything%20that%20isn't%20https.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Is%20the%20browser%20showing%20that%20message%2C%20or%20the%20LastPass%20extension%3F%3C%2FP%3E%3CP%3E2.%20What%20is%20making%20it%20insecure%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20makes%20me%20think%20my%20login%20info%20is%20about%20to%20be%20spewed%20all%20over%20the%20internet.%20Wondering%20if%20that%20is%20true%20or%20just%20a%20quirk%20in%20the%20new%20browser.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20insights%20would%20be%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20520px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F159817i37A07527797EE24E%2Fimage-dimensions%2F520x129%3Fv%3D1.0%22%20width%3D%22520%22%20height%3D%22129%22%20alt%3D%22clipboard_image_1.png%22%20title%3D%22clipboard_image_1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1044752%22%20slang%3D%22en-US%22%3ERe%3A%20We've%20detected%20an%20insecure%20login%20form%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1044752%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F448026%22%20target%3D%22_blank%22%3E%40Thunderhelper%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esince%20you%20mentioned%20this%20problem%20started%20happening%20recently%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F159848iD47E5CC56CF9B4EC%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Annotation%202019-12-03%20215853.png%22%20title%3D%22Annotation%202019-12-03%20215853.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethe%20orange%20flag%20was%20added%20recently%20to%20the%20Edge%20insider%20(look%20at%20the%20version).%3C%2FP%3E%3CP%3Eyou%20can%20try%20turning%20on%20and%20off%20both%20orange%20and%20green%20flags%20and%20see%20if%20they%20fix%20your%20problem.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewhich%20Edge%20insider%20version%20are%20you%20using%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1045290%22%20slang%3D%22en-US%22%3ERe%3A%20We've%20detected%20an%20insecure%20login%20form%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1045290%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310193%22%20target%3D%22_blank%22%3E%40HotCakeX%3C%2FA%3E%26nbsp%3BWell%2C%20I%20was%20using%26nbsp%3B%3CSPAN%3EVersion%2080.0.334.4%20(Official%20build)%20dev%20(64-bit)%20then%2C%20in%20the%20middle%20of%20trying%20out%20what%20you%20mentioned%20below%2C%20it%20updated%20to%26nbsp%3B%3C%2FSPAN%3EVersion%2080.0.345.0%20(Official%20build)%20dev%20(64-bit).%26nbsp%3B%20FWIW%2C%20this%20setting%20%22%3CSPAN%3EBlockable%20mixed%20content%20switch%20as%20site%20setting%22%20only%20became%20available%20after%20the%20update.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegardless%2C%20something%20helped%20-%20either%20toggling%20the%20settings%20or%20the%20new%20version.%26nbsp%3B%20Now%20I%20don't%20get%20that%20pop%20up%20any%20longer.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20advice!%3CBR%20%2F%3EDavid%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1045300%22%20slang%3D%22en-US%22%3ERe%3A%20We've%20detected%20an%20insecure%20login%20form%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1045300%22%20slang%3D%22en-US%22%3EYou're%20welcome%2C%20glad%20to%20know%20it's%20fixed%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

The pop up below is displayed when I login to certain sites. It seems to be something that started recently, but I can't say for sure. It mentions LastPass, which I'm using, but I can't find this message associated with LastPass and I don't get this pop up on the "old" Edge browser, just the chrome version (Version 80.0.334.4 (Official build) dev (64-bit)).

 

The URL on the address bar has https, and the message has a different address, passport.aliexpress.com vs the URL of www.aliexpress.com. I'm assuming that is their authentication server. I traced the requests in F12 network tab and don't see anything that isn't https. 

 

1. Is the browser showing that message, or the LastPass extension?

2. What is making it insecure?

 

It makes me think my login info is about to be spewed all over the internet. Wondering if that is true or just a quirk in the new browser.

 

Any insights would be appreciated.

 

clipboard_image_1.png

3 Replies
Highlighted
Best Response confirmed by Thunderhelper (New Contributor)
Solution

Hi @Thunderhelper 

since you mentioned this problem started happening recently

 

Annotation 2019-12-03 215853.png

 

the orange flag was added recently to the Edge insider (look at the version).

you can try turning on and off both orange and green flags and see if they fix your problem.

 

which Edge insider version are you using?

Highlighted

@HotCakeX Well, I was using Version 80.0.334.4 (Official build) dev (64-bit) then, in the middle of trying out what you mentioned below, it updated to Version 80.0.345.0 (Official build) dev (64-bit).  FWIW, this setting "Blockable mixed content switch as site setting" only became available after the update.

 

Regardless, something helped - either toggling the settings or the new version.  Now I don't get that pop up any longer. 

 

Thanks for the advice!
David

Highlighted
You're welcome, glad to know it's fixed :)