Auto Complete Enabled Password Input

Impact: Low

Description

Enabling autocomplete for password input fields allows browsers to save and autofill sensitive information, such as passwords. This poses a security risk, particularly on shared or public computers, where unauthorized users may access saved credentials.

Recommendation

Disable autocomplete for sensitive form inputs by adding the attribute autocomplete="off" to password input fields. This prevents browsers from saving and autofilling passwords, enhancing security.

References

CWE-16
Mozilla Developer Network (MDN) Web Docs: autocomplete attribute
OWASP 2021-A5
OWASP: Secure Coding Practices Quick Reference Guide

👉 You might also like:

Password Input on HTTP - Vulnerability

Password Sent in HTTP Query - Vulnerability

Password Sent Over HTTP - Vulnerability

Cookie Accessible for Subdomains - Vulnerability

Last updated on May 13, 2024

Auto Complete Enabled Password Input

Description

Recommendation

References

Use SmartScanner Free version to test for this issue