Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-2480

AutoComplete Attribute Not Disabled for Password in Form Based Authentication

    XMLWordPrintable

    Details

    • Type: Change Request
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 2.0.12, 2.0.13, 2.2.4, 2.2.5, 2.2.6, 2.3.3, 2.3.4, 2.3.5, 2.4.0
    • Fix Version/s: None
    • Component/s: Frontend (F)
    • Labels:

      Description

      Threat

      The Web server allows form based authentication without disabling the AutoComplete feature for the password field.

      Impact

      The passwords entered by one user could be stored by the browser and retrieved for another user using the browser.

      Solution

      Contact the vendor to have the AutoComplete attribute disabled for the password field in all forms. The AutoComplete attribute should also be disabled for the user ID field.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            dngoldenberg Doug Goldenberg
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated: