ZABBIX FEATURE REQUESTS / ZBXNEXT-2480

AutoComplete Attribute Not Disabled for Password in Form Based Authentication


    • Sprint 69 (Oct 2020), Sprint 70 (Nov 2020)
    • 3

      Threat

      The Web server allows form based authentication without disabling the AutoComplete feature for the password field.

      Impact

      The passwords entered by one user could be stored by the browser and retrieved for another user using the browser.

      Solution

      Contact the vendor to have the AutoComplete attribute disabled for the password field in all forms. The AutoComplete attribute should also be disabled for the user ID field.

        1. image-2023-08-01-14-35-30-415.png
          34 kB
          David Cahill
        2. image-2023-08-01-14-36-25-016.png
          29 kB
          David Cahill
        3. image-2023-08-01-16-03-11-502.png
          46 kB
          David Cahill
        4. image-2023-08-10-11-36-00-202.png
          26 kB
          David Cahill
        5. Screenshot from 2020-11-04 15-58-48.png
          82 kB
          Sergejs Maklakovs
        6. zbxNext2480-2.2.7.patch
          0.9 kB
          Marc
        7. zbxNext2480-2.2.7-2.patch
          0.9 kB
          Doug Goldenberg

            gcalenko Gregory Chalenko
            dngoldenberg Doug Goldenberg
            Team D
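
One way to check rendered pages for the condition described under Threat, as an added example (not Zabbix code and not one of the attached patches). The names `AutocompleteAudit`, `audit`, `USER_ID_TYPES` and the sample markup are assumptions made for this example.

```python
from html.parser import HTMLParser

USER_ID_TYPES = {"text", "email"}  # assumption: input types treated as a user ID field

def _is_off(value):
    return (value or "").strip().lower() == "off"

class AutocompleteAudit(HTMLParser):
    """Flag password and user ID inputs whose autocomplete is not "off"."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (form action, field name, input type)
        self._form = None    # state of the <form> currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "", "fields": [],
                          "off": _is_off(a.get("autocomplete")), "has_pw": False}
        elif tag == "input" and self._form is not None:
            kind = (a.get("type") or "text").lower()
            self._form["has_pw"] |= kind == "password"
            if kind == "password" or kind in USER_ID_TYPES:
                # An attribute on the input overrides the form-level setting.
                own = a.get("autocomplete")
                off = _is_off(own) if own is not None else self._form["off"]
                if not off:
                    self._form["fields"].append((a.get("name") or "", kind))

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["has_pw"]:  # only forms with a password field are reported
                self.findings += [(self._form["action"], *f) for f in self._form["fields"]]
            self._form = None

def audit(html):
    parser = AutocompleteAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample markup, not taken from the Zabbix frontend.
SAMPLE = """
<form action="login.php"><input type="text" name="name">
  <input type="password" name="password"></form>
<form action="fixed.php" autocomplete="off"><input type="text" name="name">
  <input type="password" name="password" autocomplete="off"></form>
<form action="search.php"><input type="text" name="q"></form>
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Many current browsers' password managers ignore `autocomplete="off"` on login fields, so a clean result shows the markup matches what the finding asks for, not that the browser stores nothing.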