https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33253
Bug ID: 33253
Summary: 2FA - Form not excluded from autofill
Change sponsored?: ---
Product: Koha
Version: 22.05
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Staff interface
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
I've been testing the 2FA module in our install, working great so far, but I
noticed the authentication form field is not marked to be excluded from auto
completion. Because of this, after several weeks of use, every time I click on
the field, I see a list of all prior authentication codes used. This might be
possible to be used in an attack to reverse-engineer the secret key using past
codes and when they were entered. Even if that isn't the case, it means
browsers are saving loads of unnecessary data that is one-time use.
Information on how to disable auto completion in form fields can be found here:
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
