CentOS 6.5, Plesk 12.0.18#16
Would like to have the autocomplete disabled. Personal preference.
Martin Ottiger in thread http://forum.parallels.com/showthre...other-Plesk-annoyance!&highlight=autocomplete doesn't seem to work in 12 anymore.
ikaryn suggested in http://forum.parallels.com/showthread.php?210121-Saving-Login-Information&highlight=autocomplete a solution which is only for one session.
As far as I can find it seems hardcoded into the login_up.php3 file.
Is there a way to turn off the autocomplete somewhere permanently?
Security software complained:
----------------------------------------------
AutoComplete Attribute Not Disabled for Password in Form Based Authentication
QID: 86729 CVE Base: – Port: 8443
CVSS Temporal: – Category: Web server
CVE ID: -
Threat:
The Web server allows form based authentication without disabling the AutoComplete feature for the password field.
Impact:
The passwords entered by one user could be stored by the browser and retrieved for another user using the browser.
Solution:
Contact the vendor to have the AutoComplete attribute disabled for the password field in all forms. The AutoComplete attribute should also be disabled for the user ID field.
Results:
GET /login_up.php3 HTTP/1.1
Host: ourserver.com:8443
Connection: Keep-Alive
<form id="form-login" enctype="application/x-www-form-urlencoded" action="/login_up.php3" method="post" autocomplete="on">
----------------------------------------------
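A small check that reproduces the scanner's finding against a saved copy of the login page, to confirm whether a change took effect. It is an added example, not part of the original post or Plesk's own code; the input field names in the sample are assumed.

```python
from html.parser import HTMLParser

# Constructed sample: the form tag is the one quoted in the scan results;
# the two input fields and their names are assumed for illustration.
SAMPLE = '''
<form id="form-login" enctype="application/x-www-form-urlencoded" action="/login_up.php3" method="post" autocomplete="on">
  <input type="text" name="login_name">
  <input type="password" name="passwd">
</form>
'''


class AutocompleteAudit(HTMLParser):
    """Collect credential inputs whose effective autocomplete is not "off"."""

    def __init__(self):
        super().__init__()
        self.form = None      # (id, autocomplete) of the enclosing form
        self.findings = []    # (form id, input name, effective value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form = (a.get("id", "?"), (a.get("autocomplete") or "").lower())
        elif tag == "input" and (a.get("type") or "text").lower() in ("password", "text"):
            form_id, form_ac = self.form or ("(no form)", "")
            # An attribute on the input overrides the form; unset means "on".
            effective = (a.get("autocomplete") or form_ac or "on").lower()
            if effective != "off":
                self.findings.append((form_id, a.get("name", "?"), effective))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None


def audit(html):
    """Return the list of (form id, input name, effective autocomplete) findings."""
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for form_id, name, value in audit(SAMPLE):
        print(f"form {form_id}: input {name!r} has effective autocomplete={value!r}")
```

Current browsers' password managers commonly ignore `autocomplete="off"` on login fields, so an empty result satisfies the scanner check but does not by itself prevent credentials from being saved.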