Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/07/04 05:41:56 UTC

[Bug 56696] New: Please verify autocomplete enabled

https://issues.apache.org/bugzilla/show_bug.cgi?id=56696

            Bug ID: 56696
           Summary: Please verify autocomplete enabled
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: vickersfrank@hotmail.com

Created attachment 31790
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31790&action=edit
apache vulnerabilities

Autocomplete Enabled

Autocomplete was not turned off.


Autocomplete is an HTML tag attribute used to disable the form auto completion
mechanism of the browser.


Impact
An attacker able to access the browser cache can retrieve sensitive information
in cleartext.


Solution
Although auto-completion is a useful feature, it should be disabled
(autocomplete="off") in forms which process sensitive data, such as account
credentials, banking and personal information.


References
http://dev.w3.org/html5/spec-LC/common-input-element-attributes.html#the-autocomplete-attribute

Details (5)
url: http://apache.org
form: <form name="search" id="search" action="http://www.google.com/search"
method="get">
url: http://tomcat.apache.org
form: <form action="https://www.google.com/search" method="get">
url: http://manifoldcf.apache.org
form: <form action="http://find.searchhub.org/p:manifoldcf" method="get"
class="roundtopsmall">
url: http://maven.apache.org
form: <form action="http://www.google.com/cse"
id="searchbox_006660305041243700248:hyqtfwsewpm">
url: http://accumulo.apache.org
form: <form method="GET" action="http://search-hadoop.com/" class="navbar-form
navbar-right" role="search">

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


[Bug 56696] Please verify autocomplete enabled

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56696

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Eric Covener <co...@gmail.com> ---
This bugzilla is for defects in httpd, not for reports about ASF
infrastructure.

Furthermore the forms your scanner identified have no reason to disable
autocomplete.

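
The resolution above turns on what a form actually collects: a site-search form has nothing worth keeping out of autocomplete, while a credential or payment form might. The following is an added example, not part of the original thread or of httpd, showing a check that reports a form only when a sensitive-looking field is left autocompletable. The field-name pattern, the /login and /pay forms, and every <input> element are constructed assumptions; only the first <form> tag is taken from the report.

```python
import re
from html.parser import HTMLParser

# Assumption: field names that suggest sensitive data (heuristic, not exhaustive).
SENSITIVE_NAME = re.compile(r"pass|pwd|card|cvv|ssn|iban", re.I)

class FormAudit(HTMLParser):
    """Record, per <form>, the sensitive fields whose autocomplete is not off."""
    def __init__(self):
        super().__init__()
        self.forms = []      # one dict per <form> seen
        self._cur = None     # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._cur = {"action": a.get("action", ""), "exposed": [],
                         "off": a.get("autocomplete", "").lower() == "off"}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            sensitive = (a.get("type", "text").lower() == "password"
                         or SENSITIVE_NAME.search(a.get("name", "")))
            # A field-level attribute overrides the value inherited from the form.
            ac = a.get("autocomplete", "").lower() or ("off" if self._cur["off"] else "on")
            if sensitive and ac != "off":
                self._cur["exposed"].append(a.get("name", "?"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def findings(html):
    """Return (action, exposed_field_names) for forms that merit a finding."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return [(f["action"], f["exposed"]) for f in parser.forms if f["exposed"]]

# Constructed sample input; see the note above on what is taken from the report.
SAMPLE = """
<form action="https://www.google.com/search" method="get">
  <input type="text" name="q"><input type="submit" value="Search">
</form>
<form action="/login" method="post">
  <input type="text" name="user"><input type="password" name="password">
</form>
<form action="/pay" method="post" autocomplete="off">
  <input type="text" name="card_number">
</form>
"""

if __name__ == "__main__":
    print(findings(SAMPLE))
```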