Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-14975

Form attribute autocomplete="off" in User edit form is missed.

    XMLWordPrintable

    Details

    • Type: Problem report
    • Status: Open
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Frontend (F)
    • Team:
      Team B
    • Story Points:
      0.125

      Description

      Would be nice to have autocomplete="off" attribute set to user edit form. That improves usability (no reason to remember passwords entered there) and also reduces security risks since users can automatically confirm when password manager asks if password should be saved.

      Here is a note from OWASP security guidelines:

      Also, 'Autocomplete' feature allows a browser to cache whatever the user types in an input field of a form. To check this, the form tag or the individual input tags should include 'Autocomplete="Off" ' attribute. However, it should be noted that this attribute is non-standard (although it is supported by the major browsers) so it will break XHTML validation.

      Steps to reproduce:

      0) Make sure that password manager is not disabled to remember passwords in Zabbix frontend;
      1) Login as super admin;
      2) Change password to some user in Administration -> Users;

      Result:
      Browser password manager asks if password should be saved.

        Attachments

          Activity

            People

            Assignee:
            zabbix.dev Zabbix Development Team
            Reporter:
            Miks.Kronkalns Miks Kronkalns
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: