Re: Critical Watch - Autocomplete Password in Browser Vulnerability
Kevin All forum friends, I tried with Mozilla firefox. But this time also no luck for me. I updated at login.jsp file under org/apache/geronimo/plugins/console-tomcat/2.1.8/console-tomc at-2.1.8.car/portal-driver.war $ grep autocomplete login.jsp input name=j_username type=text autocomplete=off class=InputField value= size=20px/ input name=j_password type=password autocomplete=off class=InputField value= size=20px/ Any advise? Thank you in advance!! - Amlan -- View this message in context: http://apache-geronimo.328035.n3.nabble.com/Critical-Watch-Autocomplete-Password-in-Browser-Vulnerability-tp3988677p3988684.html Sent from the Users mailing list archive at Nabble.com.
Re: Critical Watch - Autocomplete Password in Browser Vulnerability
Not on my side - its not accepted by all browsers (usually that just means IE) so I'm not sure what to say. I haven't had issues with it, but I also disable password saving entirely in the browser itself. Kevin Huntly 79 Aurora Drive Cheektowaga, NY 14215 Email: kmhun...@gmail.com Cell: (716) 341-5669 LinkedIn: http://www.linkedin.com/in/kevinhuntly -BEGIN GEEK CODE BLOCK- Version: 1.0 GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ G++ e(+) h--- r+++ y+++* --END GEEK CODE BLOCK-- On Jan 16, 2015 8:10 AM, amlan.geronimo amlan.geron...@gmail.com wrote: Kevin All forum friends, I tried with Mozilla firefox. But this time also no luck for me. I updated at login.jsp file under org/apache/geronimo/plugins/console-tomcat/2.1.8/console-tomc at-2.1.8.car/portal-driver.war $ grep autocomplete login.jsp input name=j_username type=text autocomplete=off class=InputField value= size=20px/ input name=j_password type=password autocomplete=off class=InputField value= size=20px/ Any advise? Thank you in advance!! - Amlan -- View this message in context: http://apache-geronimo.328035.n3.nabble.com/Critical-Watch-Autocomplete-Password-in-Browser-Vulnerability-tp3988677p3988684.html Sent from the Users mailing list archive at Nabble.com.
Re: Critical Watch - Autocomplete Password in Browser Vulnerability
Many Thanks Kevin!! I will try with another browser and will give my update. -Amlan -- View this message in context: http://apache-geronimo.328035.n3.nabble.com/Critical-Watch-Autocomplete-Password-in-Browser-Vulnerability-tp3988677p3988682.html Sent from the Users mailing list archive at Nabble.com.
Re: Critical Watch - Autocomplete Password in Browser Vulnerability
You can tell internet explorer (and any other browser) not to save passwords.. I believe the setting is under tools - internet options - security, select internet and then select custom level. Alternately if you say no to that prompt I believe it asks if you want to save passwords in the future, to which you can say no as well. Kevin Huntly 79 Aurora Drive Cheektowaga, NY 14215 Email: kmhun...@gmail.com Cell: (716) 341-5669 LinkedIn: http://www.linkedin.com/in/kevinhuntly -BEGIN GEEK CODE BLOCK- Version: 1.0 GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ G++ e(+) h--- r+++ y+++* --END GEEK CODE BLOCK-- On Jan 15, 2015 8:21 AM, amlan.geronimo amlan.geron...@gmail.com wrote: Hi Team, When I try to login in Geronimo Admin console with admin credential(system/system's password). Then browser (in my case IE) ask whether I like to save my password? If I click ok then it saves the password in the form of browser cookie. My question is how can I stop this using autocomplete=off and at which file we will make this change. Please help. -Amlan -- View this message in context: Critical Watch - Autocomplete Password in Browser Vulnerability http://apache-geronimo.328035.n3.nabble.com/Critical-Watch-Autocomplete-Password-in-Browser-Vulnerability-tp3988677.html Sent from the Users mailing list archive http://apache-geronimo.328035.n3.nabble.com/Users-f328036.html at Nabble.com.
Re: Critical Watch - Autocomplete Password in Browser Vulnerability
Thank you Kevin for your reply!!Can we stop this programmatically?so that Browser will not ask for this again. -Amlan -- View this message in context: http://apache-geronimo.328035.n3.nabble.com/Critical-Watch-Autocomplete-Password-in-Browser-Vulnerability-tp3988677p3988679.html Sent from the Users mailing list archive at Nabble.com.
Re: Critical Watch - Autocomplete Password in Browser Vulnerability
Yeah there's an option on the form for it - autocomplete = off but not all browsers honor it Kevin Huntly 79 Aurora Drive Cheektowaga, NY 14215 Email: kmhun...@gmail.com Cell: (716) 341-5669 LinkedIn: http://www.linkedin.com/in/kevinhuntly -BEGIN GEEK CODE BLOCK- Version: 1.0 GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ G++ e(+) h--- r+++ y+++* --END GEEK CODE BLOCK-- On Jan 15, 2015 9:29 AM, amlan.geronimo amlan.geron...@gmail.com wrote: Thank you Kevin for your reply!! Can we stop this programmatically? so that Browser will not ask for this again. -Amlan -- View this message in context: Re: Critical Watch - Autocomplete Password in Browser Vulnerability http://apache-geronimo.328035.n3.nabble.com/Critical-Watch-Autocomplete-Password-in-Browser-Vulnerability-tp3988677p3988679.html Sent from the Users mailing list archive http://apache-geronimo.328035.n3.nabble.com/Users-f328036.html at Nabble.com.