japit
commented
9 years ago Comment received to expand FDP_PST_EXT.1 to mandate safe handling of auto-complete and password storage. FMT_MOF_EXT.1 addresses the following options/requirements:
- Enable/disable storage of sensitive information in persistent storage
- Deletion of stored browsing data (cache, web form information)
- Enable/disable ability for websites to collect tracking
An attacker who compromises the browser may be able to retrieve usernames and passwords stored for auto-completion, even if those credentials are stored by the underlying platform. At the same time, even if usernames and passwords are not stored for autocompletion, a determined attacker may persist until the username and passwords are manually entered and collect them at that time.