
AutoComplete Attribute Not Disabled for Password in Form Based Authentication

Question asked by shynu sivarajan on Nov 25, 2013

Hi,

I have a live machine scanned by Qualys, and it points to the following vulnerability

"AutoComplete Attribute Not Disabled for Password in Form Based Authentication"

with QID: 86729.

I have made the following fixes for it.

Disabling the autocomplete feature inside the HTML code like

----code starts here----

<form action="myfile.jsp" method="post" name="loginform" autocomplete="off">
  login <input type="text" name="userid" maxlength="20" autocomplete="off" />
  password:<input name="password" maxlength="20" type="password" autocomplete="off" />
  <input type="submit" value="Enter" />
</form>

----code ends here----

I had tested with Chrome, Firefox and IE browsers. None of these browsers store the {login/password} contents in their cache.

Still the report shows the same result.

What am I missing?

Deployed webserver: Apache Tomcat 7.0.42

http: Disabled

https: Enabled

Thanks
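
Added example (not part of the original post, and not Qualys's detection logic): a small Python checker that lists the password inputs in an HTML response whose effective `autocomplete` value is not `off`. The matching rule (field attribute first, otherwise the enclosing form's, plus a strict mode that ignores the form), the names `audit` and `SAMPLE`, and the two extra forms in the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class PasswordAutocompleteAudit(HTMLParser):
    """Collect password inputs whose effective autocomplete value is not "off"."""

    def __init__(self, inherit_from_form=True):
        super().__init__()
        self.inherit = inherit_from_form
        self.forms = []      # stack of (form name, form-level autocomplete)
        self.findings = []   # (form name, field name, reason)

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <input ... />.
        a = dict(attrs)
        ac = (a.get("autocomplete") or "").strip().lower() or None
        if tag == "form":
            self.forms.append((a.get("name") or a.get("id") or "(unnamed)", ac))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            form, form_ac = self.forms[-1] if self.forms else ("(no form)", None)
            # The field's own attribute wins; otherwise fall back to the form's.
            effective = ac or (form_ac if self.inherit else None)
            if effective != "off":
                reason = f"autocomplete={effective}" if effective else "autocomplete not set"
                self.findings.append((form, a.get("name") or "(unnamed)", reason))

    def handle_endtag(self, tag):
        if tag == "form" and self.forms:
            self.forms.pop()

def audit(html, inherit_from_form=True):
    """Return findings for one HTML document; strict mode ignores form-level settings."""
    parser = PasswordAutocompleteAudit(inherit_from_form)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the post's login form plus two hypothetical forms.
SAMPLE = """
<form action="myfile.jsp" method="post" name="loginform" autocomplete="off">
login <input type="text" name="userid" maxlength="20" autocomplete="off" />
password:<input name="password" maxlength="20" type="password" autocomplete="off" />
</form>
<form action="change.jsp" method="post" name="changeform">
<input type="password" name="oldpw" /> <input type="password" name="newpw" autocomplete="OFF" />
</form>
<form action="pin.jsp" name="pinform" autocomplete="off">
<input type="password" name="pin" /> <input type="password" name="pin2" autocomplete="on" />
</form>
"""

if __name__ == "__main__":
    for form, field, reason in audit(SAMPLE, inherit_from_form=False):
        print(f"{form}.{field}: {reason}")
```

Run it over the saved HTML of each page named in the scan report; a field flagged only in strict mode inherits `off` from its form rather than setting it itself.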
