CA Release Automation Autocomplete Is Enabled on Sensitive Fields
Article ID: 144423
CA Release Automation - Release Operations Center (Nolio)CA Release Automation - DataManagement Server (Nolio)
In our security audit we identified that in Release Automation (RA) the auto-complete and remember password is enabled for login. This is currently labeled as vulnerability can you please provide how we can descend this vulnerability.
Release : 6.6
Component : CA RELEASE AUTOMATION CORE
The auto-complete is turned off at the application form level, as you can see below.
The password remembering feature observed is due to browser password manager features. The solution to resolve issue is listed below.
Enable SSL as most browsers will not allow autocomplete for HTTPS sessions.
The browser have the feature of saving the form data which can be turned off overall/sites need to be made by your browser administrator.