So it seems like the issue is solved and the only question remaining is will they accept it.
The big vulnerability was that the password was being saved in the clipboard after pushing the button. I implemented a fix to clear it but the drawback is that method is one in the same for every button pushed not only the password and in that perspective every clipboard entry would have been cleared after 15s not only the password.
Solving this meant I altered the copyable.js file which is where the button is instantiated.
Let us see what the board thinks of these changes… And I also noticed these guys do not put a lot of comments in their code, I mean most of the logic is pretty blunt as to what is going on but comments would have been appreciated.