Please find details of a security issue found during a pen test:
Description: Password field with autocomplete enabled.
Mitigation step:
"To prevent browsers from storing credentials entered into HTML forms, include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).
Please note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance."
I checked the PDN for the same, but didn't find anything.
Is it something where I can set the autocomplete attribute globally, or through any DASS settings? Could you please advise on this?
Could you please advise where I could plug "<form action="/action_page.php" method="get" autocomplete="on">" into the web-login section? This is because trial and error affects the productivity of other developers.
Also, please advise how I would revert the changes if anything goes wrong in the worst case.
Posted: 4 years ago
Posted: 5 Feb 2018 5:12 EST
Adithya Kurmachalam (Adithya1)