Vulnerability "Password type input with autocomplete enabled"

Recently we had a vulnerability test in our solarwinds sam 6.0.0 server and this vulnerability was found. Is there a way to patch it?

The recomendation is :

"The password autocomplete should be disabled in sensitive applications.To disable autocomplete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">"

Reference: http://www.acunetix.com/vulnerabilities/password-type-input-with/

Thanks

Find more posts tagged with

sam

password

vulnerability

Accepted answers

All comments

aLTeReGo

This is a function of the web browser. What the report is stating is that the browser could attempt to auto-complete a password field in the product for ease of use, and that changes to the SolarWinds product could be made that would prevent (some) browsers from attempting to auto-complete password fields.

jmanuelgg

Right But, Is there a way that set the autocomplete in the password field to off?

This could prevent browsers asks for save the password

Can this be a request?

aLTeReGo

This definitely could be requested as a feature. There is however no simple way of implementing this change today outside of editing the files in inetpub\solarwinds directory. These changes would be however be overwritten when you upgrade or re-run the Configuration Wizard. They would also not be supported in any "official" capacity. Likely the simplest way would be to push a group policy change that would disable the saving of passwords in the browser.