This isn't really a security issue, it is how URLs work. The value specified before the "@" is considered to be the username. See RFC 3986. (https://www.ietf.org/rfc/rfc3986.txt)
That being said, while Chrome simply allows the username, firefox does display a warning to the user.
This isn't really a security issue, it is how URLs work. The value specified before the "@" is considered to be the username. See RFC 3986. (https:/ /www.ietf. org/rfc/ rfc3986. txt)
That being said, while Chrome simply allows the username, firefox does display a warning to the user.