Issues » Password fields with enabled autocomplete

Issue: SI-25
Date: Apr 21, 2014, 11:00:00 AM
Severity: Low
Requires Admin Access: No
Fix Version: 2.5.4
Credit: it.sec GmbH & Co. KG – Hans-Martin Münch & Markus Piéton
Description:

The enabled password “autocomplete” feature allows the storage of the dotCMS credentials on the client. A attacker with physical access to the client is able to retrieve the credentials by extracting it from the browsers password storage.

Mitigation:

  

Highly Rated and Recommended

We're rated Excellent 4.2/5 stars on G2 - with 95+ verified reviews