Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-2480

AutoComplete Attribute Not Disabled for Password in Form Based Authentication

    XMLWordPrintable

Details

    • Team D
    • Sprint 69 (Oct 2020), Sprint 70 (Nov 2020)
    • 3

    Description

      Threat

      The Web server allows form based authentication without disabling the AutoComplete feature for the password field.

      Impact

      The passwords entered by one user could be stored by the browser and retrieved for another user using the browser.

      Solution

      Contact the vendor to have the AutoComplete attribute disabled for the password field in all forms. The AutoComplete attribute should also be disabled for the user ID field.

      Attachments

        Activity

          People

            gcalenko Gregory Chalenko
            dngoldenberg Doug Goldenberg
            Votes:
            1 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: