Our security team reported a vulnerability in 6.6 & 6.7 version which is around "Auto-complete is enabled for sensitive fields" and they are suggesting to use auto-complete="off" something like below configuration
<asp:TextBox ID="txtPswd" TabIndex="3" runat="server" Width="150px" CssClass="bdr" MaxLength="15" TextMode="New_Password" autocomplete="off" AutoComplet
Kindly help us to resolve the same.
Release : 6.6, 6.7
Component : CA RELEASE AUTOMATION CORE
RA security experts reviewed the vulnerability reported and they rejects the vulnerability i.e. "Auto-completion of sensitive fields (Login Page)" as a false alert at product end. Please find the cause for rejection.
The screen shot, is the one which is from browser save password utility. This features should be managed and disabled by administrators maintaining browser configuration at system level.