Bug 2102325

Summary: Cockpit login page fails nessus scan due to auto-completion on password field
Product: Red Hat Enterprise Linux 8 Reporter: Tom Crider <tcrider>
Component: cockpitAssignee: Garrett LeSage <glesage>
Status: VERIFIED --- QA Contact: Jan Ščotka <jscotka>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.5CC: glesage, mmarusak, mpitt, sbarcomb, sbroz
Target Milestone: rcKeywords: Triaged
Target Release: 8.9Flags: mpitt: needinfo-
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: cockpit-290-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 7 Martin Pitt 2023-02-13 06:55:59 UTC
In https://github.com/cockpit-project/cockpit/pull/18330 we got a more comprehensive fix to the autocomplete= attributes. Not to "off", but to "username", "current-password", and "one-time-code". This should hopefully also be okay?

Comment 8 Martin Pitt 2023-04-12 05:21:19 UTC
https://github.com/cockpit-project/cockpit/pull/18330 landed, will be in next Wednesday's release.