Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/07/04 05:41:56 UTC
[Bug 56696] New: Please verify autocomplete enabled
https://issues.apache.org/bugzilla/show_bug.cgi?id=56696
Bug ID: 56696
Summary: Please verify autocomplete enabled
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: bugs@httpd.apache.org
Reporter: vickersfrank@hotmail.com
Created attachment 31790
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31790&action=edit
apache vulnerabilities
Autocomplete Enabled
Autocomplete was not turned off.
Autocomplete is an HTML tag attribute used to disable the form auto completion
mechanism of the browser.
Impact
An attacker able to access the browser cache can retrieve sensitive information
in cleartext.
Solution
Although auto-completion is a useful feature, it should be disabled
(autocomplete="off") in forms that process sensitive data, such as account
credentials, banking and personal information.
References
http://dev.w3.org/html5/spec-LC/common-input-element-attributes.html#the-autocomplete-attribute
Details (5)
url: http://apache.org
form: <form name="search" id="search" action="http://www.google.com/search"
method="get">
url: http://tomcat.apache.org
form: <form action="https://www.google.com/search" method="get">
url: http://manifoldcf.apache.org
form: <form action="http://find.searchhub.org/p:manifoldcf" method="get"
class="roundtopsmall">
url: http://maven.apache.org
form: <form action="http://www.google.com/cse"
id="searchbox_006660305041243700248:hyqtfwsewpm">
url: http://accumulo.apache.org
form: <form method="GET" action="http://search-hadoop.com/" class="navbar-form
navbar-right" role="search">
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56696] Please verify autocomplete enabled
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56696
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Eric Covener <co...@gmail.com> ---
This bugzilla is for defects in httpd, not for reports about ASF
infrastructure.
Furthermore the forms your scanner identified have no reason to disable
autocomplete.
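A triage check in the spirit of the reply above, as an added example that is not part of the original thread or of any scanner's code: it raises a finding only when a form holds a password input or a sensitively named field and autocomplete is not "off", so search-only forms like those listed in the report are not flagged. The name patterns and the sample markup are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumption: name fragments that mark a field as sensitive; tune per application.
SENSITIVE_NAME = re.compile(r"pass|pwd|card|cvv|ssn|iban", re.I)

class FormAudit(HTMLParser):
    """Records sensitive inputs whose effective autocomplete setting is not "off"."""

    def __init__(self):
        super().__init__()
        self.findings = []   # (form action, field name) pairs
        self._form = None    # attributes of the form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = a
        elif tag == "input" and self._form is not None:
            self._check(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

    def _check(self, field):
        sensitive = (field.get("type", "").lower() == "password"
                     or SENSITIVE_NAME.search(field.get("name", "")))
        # An autocomplete attribute on the input takes precedence over the form's.
        setting = field.get("autocomplete") or self._form.get("autocomplete", "on")
        if sensitive and setting.lower() != "off":
            self.findings.append((self._form.get("action", ""), field.get("name", "")))

def audit(html):
    """Return the (action, field) pairs that deserve a finding."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup: a site search, a login form, a payment form.
SAMPLE = (
    '<form action="https://www.google.com/search" method="get"><input name="q"></form>'
    '<form action="/login" method="post"><input name="user">'
    '<input type="password" name="password"></form>'
    '<form action="/pay" method="post" autocomplete="off"><input name="card_number"></form>'
)

if __name__ == "__main__":
    for action, name in audit(SAMPLE):
        print(f"autocomplete not off: form {action!r}, field {name!r}")
```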