Vulnerability scanners might detect the following AutComplete vulnerability:
QID-86729-857258 | AutoComplete Attribute Not Disabled for Password in Form Based Authentication |
VMware vSphere ESXi 7.x
VMware vSphere ESXi 8.x
The setting for certain browsers such as Mozilla, Chrome, Edge have auto complete password fields 'on' for certain login pages setup via html or JavaScript.
This vulnerability has been fixed with the following ESXi release/builds:
For ESXi 7.0: VMware ESXi 7.0 Update 3l Release Notes
For ESXi 8.0: VMware ESXi 8.0 Update 1 Release Notes
If the scanner still reports the vulnerability after reaching the fixed version, check the following:
/usr/lib/vmware/hostd/docroot/ui/views/
less login.html
autocomplete="off"