DescriptionParamvir jindal
2019-09-03 06:21:38 UTC
autocomplete=off is not present in the password field or at the form level in the login page source code:
---------------
<form class="form-horizontal" role="form" action="j_security_check?locale=en_US" method="POST">
<div class="form-group">
<label for="j_username" class="col-sm-2 col-md-2 control-label">Username</label>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" value="" name="j_username" id="j_username" placeholder="" tabindex="1" autofocus />
</div>
</div>
<div class="form-group">
<label for="j_password" class="col-sm-2 col-md-2 control-label">Password</label>
<div class="col-sm-10 col-md-10">
<input type="password" class="form-control" id="j_password" name="j_password" placeholder="" tabindex="2">
</div>
</div>
<div class="form-group">
<div class="col-xs-offset-8 col-xs-4 col-sm-offset-8 col-sm-4 col-md-offset-8 col-md-4 submit">
<button type="submit" class="btn btn-primary btn-lg" tabindex="3">Sign In</button>
</div>
</div>
</form>
--------------
Solution:
Disable autocomplete for all sensitive fields like:
<input type="password" autocomplete="off" name="pw">
If there are many fields, it may be faster to set the "autocomplete" attribute to "off" in the outer <form> tag. For
example:
<form action="/login.jsp" autocomplete="off" name="pw">
<input type="password" name="pw">
</form>