2102325 – Cockpit login page fails nessus scan due to auto-completion on password field

Bug 2102325 - Cockpit login page fails nessus scan due to auto-completion on password field

Summary: Cockpit login page fails nessus scan due to auto-completion on password field

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	cockpit
Sub Component:
Version:	8.5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	8.9
Assignee:	Garrett LeSage
QA Contact:	Jan Ščotka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-06-29 16:48 UTC by Tom Crider
Modified:	2023-08-04 12:15 UTC (History)
CC List:	5 users (show)
Fixed In Version:	cockpit-290-1.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	mpitt: needinfo-

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	cockpit-project cockpit issues 6399	0	None	closed	Allow browser to remember login	2023-01-27 12:43:28 UTC
Red Hat Issue Tracker	RHELPLAN-126642	0	None	None	None	2022-06-29 17:10:06 UTC

Comment 7 Martin Pitt 2023-02-13 06:55:59 UTC

In https://github.com/cockpit-project/cockpit/pull/18330 we got a more comprehensive fix to the autocomplete= attributes. Not to "off", but to "username", "current-password", and "one-time-code". This should hopefully also be okay?

Comment 8 Martin Pitt 2023-04-12 05:21:19 UTC

https://github.com/cockpit-project/cockpit/pull/18330 landed, will be in next Wednesday's release.

Note You need to log in before you can comment on or make changes to this bug.