SOLVED
Home

We've detected an insecure login form

%3CLINGO-SUB%20id%3D%22lingo-sub-1044634%22%20slang%3D%22en-US%22%3EWe've%20detected%20an%20insecure%20login%20form%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1044634%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20pop%20up%20below%20is%20displayed%20when%20I%20login%20to%20certain%20sites.%20It%20seems%20to%20be%20something%20that%20started%20recently%2C%20but%20I%20can't%20say%20for%20sure.%20It%20mentions%20LastPass%2C%20which%20I'm%20using%2C%20but%20I%20can't%20find%20this%20message%20associated%20with%20LastPass%20and%20I%20don't%20get%20this%20pop%20up%20on%20the%20%22old%22%20Edge%20browser%2C%20just%20the%20chrome%20version%20(%3CSPAN%3EVersion%2080.0.334.4%20(Official%20build)%20dev%20(64-bit))%3C%2FSPAN%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20URL%20on%20the%20address%20bar%20has%20https%2C%20and%20the%20message%20has%20a%20different%20address%2C%20passport.aliexpress.com%20vs%20the%20URL%20of%20%3CA%20href%3D%22http%3A%2F%2Fwww.aliexpress.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ewww.aliexpress.com%3C%2FA%3E.%20I'm%20assuming%20that%20is%20their%20authentication%20server.%20I%20traced%20the%20requests%20in%20F12%20network%20tab%20and%20don't%20see%20anything%20that%20isn't%20https.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Is%20the%20browser%20showing%20that%20message%2C%20or%20the%20LastPass%20extension%3F%3C%2FP%3E%3CP%3E2.%20What%20is%20making%20it%20insecure%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20makes%20me%20think%20my%20login%20info%20is%20about%20to%20be%20spewed%20all%20over%20the%20internet.%20Wondering%20if%20that%20is%20true%20or%20just%20a%20quirk%20in%20the%20new%20browser.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20insights%20would%20be%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20520px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F159817i37A07527797EE24E%2Fimage-dimensions%2F520x129%3Fv%3D1.0%22%20width%3D%22520%22%20height%3D%22129%22%20alt%3D%22clipboard_image_1.png%22%20title%3D%22clipboard_image_1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1044752%22%20slang%3D%22en-US%22%3ERe%3A%20We've%20detected%20an%20insecure%20login%20form%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1044752%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F448026%22%20target%3D%22_blank%22%3E%40Thunderhelper%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esince%20you%20mentioned%20this%20problem%20started%20happening%20recently%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F159848iD47E5CC56CF9B4EC%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Annotation%202019-12-03%20215853.png%22%20title%3D%22Annotation%202019-12-03%20215853.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethe%20orange%20flag%20was%20added%20recently%20to%20the%20Edge%20insider%20(look%20at%20the%20version).%3C%2FP%3E%3CP%3Eyou%20can%20try%20turning%20on%20and%20off%20both%20orange%20and%20green%20flags%20and%20see%20if%20they%20fix%20your%20problem.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewhich%20Edge%20insider%20version%20are%20you%20using%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1045290%22%20slang%3D%22en-US%22%3ERe%3A%20We've%20detected%20an%20insecure%20login%20form%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1045290%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310193%22%20target%3D%22_blank%22%3E%40HotCakeX%3C%2FA%3E%26nbsp%3BWell%2C%20I%20was%20using%26nbsp%3B%3CSPAN%3EVersion%2080.0.334.4%20(Official%20build)%20dev%20(64-bit)%20then%2C%20in%20the%20middle%20of%20trying%20out%20what%20you%20mentioned%20below%2C%20it%20updated%20to%26nbsp%3B%3C%2FSPAN%3EVersion%2080.0.345.0%20(Official%20build)%20dev%20(64-bit).%26nbsp%3B%20FWIW%2C%20this%20setting%20%22%3CSPAN%3EBlockable%20mixed%20content%20switch%20as%20site%20setting%22%20only%20became%20available%20after%20the%20update.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegardless%2C%20something%20helped%20-%20either%20toggling%20the%20settings%20or%20the%20new%20version.%26nbsp%3B%20Now%20I%20don't%20get%20that%20pop%20up%20any%20longer.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20advice!%3CBR%20%2F%3EDavid%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1045300%22%20slang%3D%22en-US%22%3ERe%3A%20We've%20detected%20an%20insecure%20login%20form%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1045300%22%20slang%3D%22en-US%22%3EYou're%20welcome%2C%20glad%20to%20know%20it's%20fixed%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E
Thunderhelper
New Contributor

The pop up below is displayed when I login to certain sites. It seems to be something that started recently, but I can't say for sure. It mentions LastPass, which I'm using, but I can't find this message associated with LastPass and I don't get this pop up on the "old" Edge browser, just the chrome version (Version 80.0.334.4 (Official build) dev (64-bit)).

 

The URL on the address bar has https, and the message has a different address, passport.aliexpress.com vs the URL of www.aliexpress.com. I'm assuming that is their authentication server. I traced the requests in F12 network tab and don't see anything that isn't https. 

 

1. Is the browser showing that message, or the LastPass extension?

2. What is making it insecure?

 

It makes me think my login info is about to be spewed all over the internet. Wondering if that is true or just a quirk in the new browser.

 

Any insights would be appreciated.

 

clipboard_image_1.png

3 Replies
Solution

Hi @Thunderhelper 

since you mentioned this problem started happening recently

 

Annotation 2019-12-03 215853.png

 

the orange flag was added recently to the Edge insider (look at the version).

you can try turning on and off both orange and green flags and see if they fix your problem.

 

which Edge insider version are you using?

@HotCakeX Well, I was using Version 80.0.334.4 (Official build) dev (64-bit) then, in the middle of trying out what you mentioned below, it updated to Version 80.0.345.0 (Official build) dev (64-bit).  FWIW, this setting "Blockable mixed content switch as site setting" only became available after the update.

 

Regardless, something helped - either toggling the settings or the new version.  Now I don't get that pop up any longer. 

 

Thanks for the advice!
David

You're welcome, glad to know it's fixed :)
Related Conversations
Modern Authentication Issue
cvincent in Microsoft Teams on
1 Replies
Login prompting for more information
Bruce Burge in Office 365 on
5 Replies
Specific Form
Wanen in Access on
0 Replies
Login issue with multiple accounts - teams web app
Devin Taylor in Microsoft Teams on
2 Replies