Bug 2102325 - Cockpit login page fails nessus scan due to auto-completion on password field
Summary: Cockpit login page fails nessus scan due to auto-completion on password field
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: cockpit
Version: 8.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: 8.9
Assignee: Garrett LeSage
QA Contact: Jan Ščotka
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-06-29 16:48 UTC by Tom Crider
Modified: 2023-08-04 12:15 UTC (History)
5 users (show)

Fixed In Version: cockpit-290-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:
mpitt: needinfo-


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github cockpit-project cockpit issues 6399 0 None closed Allow browser to remember login 2023-01-27 12:43:28 UTC
Red Hat Issue Tracker RHELPLAN-126642 0 None None None 2022-06-29 17:10:06 UTC

Comment 7 Martin Pitt 2023-02-13 06:55:59 UTC
In https://github.com/cockpit-project/cockpit/pull/18330 we got a more comprehensive fix to the autocomplete= attributes. Not to "off", but to "username", "current-password", and "one-time-code". This should hopefully also be okay?

Comment 8 Martin Pitt 2023-04-12 05:21:19 UTC
https://github.com/cockpit-project/cockpit/pull/18330 landed, will be in next Wednesday's release.


Note You need to log in before you can comment on or make changes to this bug.