Auto Complete Enabled Password Input

Severity:
Low

Description

Enabling autocomplete for password input fields allows browsers to save and autofill sensitive information, such as passwords. This poses a security risk, particularly on shared or public computers, where unauthorized users may access saved credentials.

Recommendation

Disable autocomplete for sensitive form inputs by adding the attribute autocomplete="off" to password input fields. This prevents browsers from saving and autofilling passwords, enhancing security.

Tags:
Application Misconfiguration
Data Security
WASC-15
CWE-16
OWASP 2021-A5
OWASP 2017-A6
OWASP 2013-A5
Last updated on May 13, 2024