https://issues.apache.org/bugzilla/show_bug.cgi?id=56696

            Bug ID: 56696
           Summary: Please verify autocomplete enabled
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 31790
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31790&action=edit
apache vulnerabilities

Autocomplete Enabled

Autocomplete was not turned off.


Autocomplete is an HTML tag attribute used to disable the form auto completion
mechanism of the browser.


Impact
An attacker able to access the browser cache can retrieve sensitive information
in cleartext.


Solution
Although auto-completion is a useful feature, it should be disabled
(autocomplete="off") in forms that process sensitive data, such as account
credentials, banking and personal information.


References
http://dev.w3.org/html5/spec-LC/common-input-element-attributes.html#the-autocomplete-attribute

Details (5)
url: http://apache.org
form: <form name="search" id="search" action="http://www.google.com/search" method="get">
url: http://tomcat.apache.org
form: <form action="https://www.google.com/search" method="get">
url: http://manifoldcf.apache.org
form: <form action="http://find.searchhub.org/p:manifoldcf" method="get" class="roundtopsmall">
url: http://maven.apache.org
form: <form action="http://www.google.com/cse" id="searchbox_006660305041243700248:hyqtfwsewpm">
url: http://accumulo.apache.org
form: <form method="GET" action="http://search-hadoop.com/" class="navbar-form navbar-right" role="search">

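An added example, not part of the bug report or of any Apache project code: one way to scope the check described above to forms that actually hold sensitive fields, so that a plain search form is not reported. The name hints used to classify a field as sensitive and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: which field names count as sensitive is a local policy choice.
SENSITIVE_NAME_HINTS = ("pass", "pwd", "card", "cvv", "ssn", "iban")

class FormAudit(HTMLParser):
    """Collect sensitive inputs whose effective autocomplete is not "off"."""

    def __init__(self):
        super().__init__()
        self.findings = []   # (form action, input name) pairs
        self._form = None    # attributes of the currently open <form>, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = a
        elif tag == "input" and self._form is not None:
            name = a.get("name", "").lower()
            sensitive = (a.get("type", "text").lower() == "password"
                         or any(h in name for h in SENSITIVE_NAME_HINTS))
            # The field's own attribute overrides the form-level one.
            ac = a.get("autocomplete", self._form.get("autocomplete", "on"))
            if sensitive and ac.lower() != "off":
                self.findings.append((self._form.get("action", ""), name))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit(html):
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a search form like those listed above, plus two login forms.
SAMPLE = """
<form name="search" id="search" action="http://www.google.com/search" method="get">
  <input type="text" name="q"></form>
<form action="/login" method="post">
  <input type="text" name="user"><input type="password" name="password"></form>
<form action="/login2" method="post" autocomplete="off">
  <input type="text" name="user"><input type="password" name="password"></form>
"""

if __name__ == "__main__":
    for action, field in audit(SAMPLE):
        print(f"autocomplete enabled on sensitive field {field!r} in form {action}")
```
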