Login form does not disable auto-completion
Bug #1298781 reported by Julian Edwards
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
MAAS | Fix Released | Medium | Graham Binns | |
Bug Description
Login credentials may be recovered by other users of the same computer. In combination with any cross-site scripting vulnerabilities that may exist, this vulnerability can potentially allow remote attackers to steal login credentials.
Disable autocomplete completely by setting the form’s autocomplete attribute to off.
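A check for the condition this bug describes, as an added example that is not part of the bug report or the MAAS branch: it parses rendered HTML and reports, for each form containing a password input, whether autocompletion is disabled for every such input. The `/login/` action and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

def _norm(value):
    return (value or "").strip().lower()

class LoginFormAudit(HTMLParser):
    """For each <form> with a password input, count inputs left autocompletable."""
    def __init__(self):
        super().__init__()
        self.findings = []   # one dict per form that holds a password field
        self._form = None    # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.finish_form()  # tolerate a missing </form>
            self._form = {"action": attrs.get("action") or "",
                          "default": _norm(attrs.get("autocomplete")),
                          "password_fields": 0, "exposed": 0}
        elif (tag == "input" and self._form is not None
              and _norm(attrs.get("type")) == "password"):
            # An input's own autocomplete attribute overrides the form's.
            effective = _norm(attrs.get("autocomplete")) or self._form["default"]
            self._form["password_fields"] += 1
            self._form["exposed"] += effective != "off"

    def handle_endtag(self, tag):
        if tag == "form":
            self.finish_form()

    def finish_form(self):
        if self._form and self._form["password_fields"]:
            self.findings.append(self._form)
        self._form = None

def audit(html):
    """Return (action, autocomplete_disabled) for every form with a password input."""
    parser = LoginFormAudit()
    parser.feed(html)
    parser.close()
    parser.finish_form()  # a form still open at end of input
    return [(f["action"], f["exposed"] == 0) for f in parser.findings]

# Constructed sample markup, not the MAAS login template.
BEFORE = ('<form method="post" action="/login/">'
          '<input type="text" name="username">'
          '<input type="password" name="password"></form>')
AFTER = BEFORE.replace("<form ", '<form autocomplete="off" ')
OVERRIDE = AFTER.replace('type="password"', 'type="password" autocomplete="on"')
```

Run it against the rendered login page rather than the template source, since a template may emit its inputs from a form object. Browser password managers commonly ignore `autocomplete="off"` on login fields, so a passing result confirms the markup, not that credentials are never stored.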
Related branches
lp:~gmb/maas/login-form-auto-complete-bug-1298781
- Jeroen T. Vermeulen (community): Approve
Diff: 99 lines (+31/-9)
5 files modified
docs/conf.py (+2/-0)
src/maasserver/context_processors.py (+2/-1)
src/maasserver/templates/registration/login.html (+6/-1)
src/maasserver/views/tests/test_account.py (+19/-1)
src/provisioningserver/custom_hardware/seamicro.py (+2/-6)
Changed in maas:
status: Triaged → In Progress
assignee: nobody → Graham Binns (gmb)
Changed in maas:
status: In Progress → Fix Released
If making this change would prevent password managers like LastPass from working then I'm -1. I assume it does.