Good day Olivier,
I have setup packetfence in ARP mode with LDAP authentication. I notice that
some browser remembers password.
1) User plugs in and launches browser.
2) Browser gets redirected to login screen of packetfence.
3) The login screen of packetfence will appear "WITH" the user ID and Password
"already" present.
4) User then just click the LOGIN button.
This is a problem because with the browser remembering the user accoun and
password, it totally defeats the purpose of NAC.
I did some research and found the Disable AUTOCOMPLETE in the browser - This is
not bullet proof because the user can then turn it back on and I think this is
browser version dependent.
I think it would be more effective if there is a way we can force blank entry
on the User ID and Password text box of the packetfence login screen.
Any ideas? your comments are highly appreciated. Thank you.
brgds..
Hope we can patch this security hole.
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
