On Thu, Jul 12, 2012 at 5:05 AM, res5it <res5it@xxxxxxxxx> wrote: > > Hi all.. Durring security scan of my webmail, I get the following vuln: > > Synopsis: Auto-complete is not disabled on password fields. > > Description The remote web server contains at least HTML form field > containing an input of type 'password' where 'autocomplete' is not set to > 'off'. While this does not represent a risk to this web server per se, it > does mean that users who use the affected forms may have their credentials > saved in their browsers, which could in turn lead to a loss of > confidentiality if any of them use a shared host or their machine is > compromised at some point. > > > Solution Add the attribute 'autocomplete=off' to these fields to prevent > browsers from caching credentials. > > > Can someone please help how can I fix this, where and what line should I add > in the /src/login.php? http://www.squirrelmail.org/plugin_view.php?id=12 -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
