Penetration Test Found: 'Web Server Allows Password Auto-Completion'
Instance Detail:
The 'autocomplete' attribute is not disabled on password fields. Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.
    <Valve className="org.apache.catalina.valves.AccessLogValve"
           directory="logs"
           prefix="localhost_access_log."
           suffix=".txt"
           pattern="%l %u %t %r %s %b %D"
           resolveHosts="false"></Valve>
    <Valve className="org.apache.catalina.valves.ErrorReportValve"
           showReport="false"
           showServerInfo="false"></Valve>
  </Host>
</Engine>
<Connector port="8443"
           address="xx.xx.xx.xx"
           enableLookups="true"
           autocomplete="off"
           disableUploadTimeout="true"
           tcpNoDelay="true"
           acceptCount="100"
           scheme="https"
           secure="true"
           SSLEnabled="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           ciphers="TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
           keystoreFile="/spectrum/custom/keystore/cacerts"
           keystorePass="Nocnesm4"></Connector>
Release: 22.2
Various Penetration Testing utilities will trigger on this finding.
Setting autocomplete="off" only prevents the browser from auto-completing passwords and various other fields on the web pages the server delivers.
This will have no effect on the functionality of the DX NetOps Spectrum product.