Question

4
Replies
430
Views
NagarajP0101 Member since 2017 54 posts
ING Belgium SA NV
Posted: February 1, 2018
Last activity: February 5, 2018
Closed
Solved

Security issues after Pen test -Password field with autocomplete enabled

Hi,

Please find details for security issue during Pen test,

Description : Password field with autocomplete enabled.

Mitigation step :
"To prevent browsers from storing credentials entered into HTML forms, include the attribute autocomplete=""off"" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).
Please note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance."

i checked the pdn for the same, but didnt get find anything.

Is it something that i can set the autocomplete attribute globally or any DASS settings? could you please advise on this?

DevOps
Moderation Team has archived post
Share this page LinkedIn