Open ghost opened 9 years ago
This is really a personal preference, and is definitely not a security vulnerability.
Disabling autocomplete is an annoyance which is easily circumvented browser side.
I'd suggest you actually audit how your browsers are storing those passwords, and use SSL so it becomes difficult to MITM.
On Tuesday, May 19, 2015, Bill McIlhargey notifications@github.com wrote:
As part of our external PCI audit munkiwebadmin has a vulnerability with django where the form password elements do not have autocomplete turned off.
Here is how to correct this:
Fix AutoComplete on Password fields
In Finder, go to /usr/local/munkiwebadmin/lib/python2.7/site-packages/django/forms
Make a copy of widgets.py
Edit widgets.py
Find "class PasswordInput(TextInput):"
On the line "def __init__(self, attrs=None, render_value=False):"
Replace it with
"def __init__(self, attrs={'autocomplete':'off'}, render_value=False):"
Samuel Keeley
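A way to check the audit finding discussed in this thread against the HTML a login page actually serves, as an added example that is not code from the thread or from munkiwebadmin: it lists password inputs whose effective autocomplete value is not "off", taking into account that an input without its own attribute inherits the setting of its form. The class and function names and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordAutocompleteAudit(HTMLParser):
    """Collect password inputs whose effective autocomplete value is not "off"."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = None  # value set on the enclosing <form>, if any
        self.findings = []             # (line, field name, effective value)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.form_autocomplete = attrs.get("autocomplete")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # An input with no attribute of its own inherits the form's setting.
            effective = attrs.get("autocomplete") or self.form_autocomplete or "on"
            if effective.strip().lower() != "off":
                line, _ = self.getpos()
                self.findings.append((line, attrs.get("name"), effective))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None


def audit_password_fields(html):
    """Return a list of (line, name, effective autocomplete) for flagged inputs."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup: a login form before and after the attribute is set.
SAMPLE_BEFORE = """<form method="post">
<input type="text" name="username">
<input type="password" name="password">
</form>"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    'name="password"', 'name="password" autocomplete="off"')
# Constructed sample: the attribute is set once on the form instead.
SAMPLE_FORM_LEVEL = SAMPLE_BEFORE.replace(
    '<form method="post">', '<form method="post" autocomplete="off">')

if __name__ == "__main__":
    for label, page in [("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)]:
        print(label, audit_password_fields(page))
```

Feed it the saved response body of the login page; an empty list means every password input is rendered with autocomplete effectively off.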