CA Release Automation Autocomplete Is Enabled on Sensitive Fields

Article ID: 144423

Products

CA Release Automation - Release Operations Center (Nolio)

CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

In our security audit we identified that in Release Automation (RA) auto-complete and remember password are enabled for login. This is currently labeled as a vulnerability. Can you please provide how we can descend this vulnerability?

Environment

Release: 6.6

Component: CA RELEASE AUTOMATION CORE

Resolution

Autocomplete is turned off at the application form level, as you can see below.

The password remembering behavior observed comes from the browser's password manager, not from the application. The ways to resolve the issue are listed below.

  1. Enable SSL, as most browsers will not allow autocomplete for HTTPS sessions.
  2. Browsers have a feature for saving form data, which can be turned off globally or per site; this change needs to be made by your browser administrator.
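
One way to check the form-level setting described above during an audit, as an added example (not Broadcom's or Release Automation's own code): it parses login markup and reports the effective `autocomplete` value for each password field, taking the enclosing form's setting into account. The sample HTML is constructed and does not reproduce the product's actual login page.

```python
from html.parser import HTMLParser

# Constructed sample markup, not the actual Release Automation login page.
SAMPLE_LOGIN_HTML = """
<form id="login" action="/login" method="post" autocomplete="off">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<form id="reset" action="/reset" method="post">
  <input type="password" name="new_password" autocomplete="new-password">
  <input type="password" name="confirm_password">
</form>
"""

class AutocompleteAudit(HTMLParser):
    """Record the effective autocomplete setting of each password input."""

    def __init__(self):
        super().__init__()
        self.form_setting = None  # autocomplete value of the enclosing <form>
        self.findings = []        # (field name, effective value, source)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        own = (attrs.get("autocomplete") or "").strip().lower() or None
        if tag == "form":
            self.form_setting = own
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if own is not None:                  # field-level value wins
                value, source = own, "field"
            elif self.form_setting is not None:  # otherwise inherit from form
                value, source = self.form_setting, "form"
            else:                                # HTML default when unset
                value, source = "on", "default"
            self.findings.append((attrs.get("name", "?"), value, source))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_setting = None

def audit(html):
    """Return (name, effective autocomplete, source) for every password field."""
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for name, value, source in audit(SAMPLE_LOGIN_HTML):
        print(f"{name}: autocomplete={value} (set by {source})")
```

The result reflects only what the markup requests; whether the browser's password manager still offers to save credentials is governed by the browser setting in step 2.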
