Hi all.. Durring security scan of my webmail, I get the following vuln: Synopsis: Auto-complete is not disabled on password fields. Description The remote web server contains at least HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point. Solution Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials. Can someone please help how can I fix this, where and what line should I add in the /src/login.php? Thank you in advance Best Regards -- View this message in context: http://old.nabble.com/Disable-Autocomplete-tp34150573p34150573.html Sent from the squirrelmail-users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
