Autocomplete enables in login form

Description

During the scan, Cytrix managed to find that Autocomplete is enabled in a login form.
In most web browsers, users can save the username and password they have entered in HTML forms.

Some of the data being submitted in forms might contain sensitive information (for example : credit cards and security codes).
As a website author, you might prefer that the browser won’t remember the values for such fields, even if the browser’s autocomplete feature is enabled. An attacker who found vulnerabilities in applications related to this site,such as Cross-Site Scripting (XSS), could exploit it to recover the browsers credentials.

Autocomplete is enabled in login form can be defined by the user as well as applications that use user credentials. If the function is enabled, the user credentials will be saved on the local server and can be retrieved by the attacker.

Recommendation

Make sure to add/edit the form by disabling, and, using the command :
autocomplete=”off”, to prevent this finding from reoccurring in the future.

References

https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

< Return to all Vulnerabilities

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »

The Cloud

I’m pretty sure there isn’t a single adult in the world who hasn’t at least heard of The Cloud. Explaining “The Cloud” in 2022 may

Read More »