Disable Autocomplete for usernames
Completed
Our web application vulnerability scanner is identifying an Autocomplete is Enabled vulnerability on our site. The issue is coming from the username field on the Account Request Sign-up Form. We would like the autocomplete="off" attribute to be added to this field to remediate the vulnerability and improve the security of the application.
- What is the problem that this feature would fix? It disables autocomplete, which would remediate the vulnerability and improve the security of the application.
- Why is it a problem? Usernames are considered sensitive information and should not be cached by the browser. An attacker who can access the victim's browser could steal this information and use it in subsequent attacks such as spear phishing, brute forcing, password stuffing, etc.
- Is there a workaround you currently have for this problem? No
- Do you have a suggestion on how you would like to see the problem fixed? Yes, by adding the autocomplete="off" attribute to the username field on the Account Request Sign-up Form.
- How big is the problem? Who is affected by this problem (End Users, Admins, etc.)? It is a low-severity vulnerability; however, it puts our end users, application, and organization at risk.
-
Hello Viji,
Thank you for submitting this enhancement. Would you by chance be able to send your scan result over to our support team? We'd just like to make sure we can pass on the urgency behind this request to our product team.
Thanks!
0 -
Good Morning, Connor,
Hope you received the scanning results. Let me know what the status of this request is.
0 -
Good Afternoon,
Let me know what the status of this request is. Our security team wants to know the ETA for it.
0 -
Hello Viji,
This was addressed in our 2025.3 release. Release Notes | Cerberus FTP Server
- Improved: Enhancement on Web Client Security on the Account Request page.