An Acunetix scan reports that this app allows autocomplete on a password field. When a new name and password are entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">
The login form is found at /SiGLDMS/component/logInOut/login.html