Another Rookie here. I have developed a Citrix Workflow that has the “Get Password” activity before the password is actually typed into the password box.
However, during the demo, I was able to move the login box within the RDP window one step lower and fool the robot to type the password into the “admin” text field. The password was revealed in full view of my team member I was demonstrating the workflow to.
I don’t know how easy or difficult it’s to implement, but would it be possible to add an attribute to the “Type Into” activity, that if the password is not typed into it’s intended location, then the string conversion to a plain text password does not happen. Instead, a string of random characters could simply be typed into the wrong location?
This way, the password would not be revealed even if typed into a non-password field.
One way, this could work is match the image alongside the type-into location. If the type-into text is a password and the anchor image does not match the preset image, then the password type-into must either fail, or output junk into the plain text field.