Auto Complete Enabled Password Input

Impact: Low

Description

The user browser can save and remember the entered values for user input fields with autocomplete enabled attributes. This might reveal sensitive information like passwords, especially in public and multi-user computers.

Recommendation

Add the attribute autocomplete="off" for sensitive form inputs.

References

OWASP 2017-A6
OWASP 2021-A5
CWE-16

👉 You might also like:

Password Sent in HTTP Query - Vulnerability

Password Sent in Query - Vulnerability

PHP Version Disclosure - Vulnerability

X-Powered-By Header Found - Vulnerability

Last updated on February 15, 2021

Auto Complete Enabled Password Input

Description

Recommendation

References

Use SmartScanner Free version to test for this issue