Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-2480

AutoComplete Attribute Not Disabled for Password in Form Based Authentication

    XMLWordPrintable

    Details

    • Team:
      Team D
    • Sprint:
      Sprint 69 (Oct 2020), Sprint 70 (Nov 2020)
    • Story Points:
      3

      Description

      Threat

      The Web server allows form based authentication without disabling the AutoComplete feature for the password field.

      Impact

      The passwords entered by one user could be stored by the browser and retrieved for another user using the browser.

      Solution

      Contact the vendor to have the AutoComplete attribute disabled for the password field in all forms. The AutoComplete attribute should also be disabled for the user ID field.

        Attachments

          Activity

            People

            Assignee:
            gcalenko Gregory Chalenko
            Reporter:
            dngoldenberg Doug Goldenberg
            Votes:
            1 Vote for this issue
            Watchers:
            11 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: