Invicti detected that autocomplete is enabled in one or more of the password fields.
If user chooses to save, data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers, such as cyber cafes or airport terminals.
- Add the attribute
autocomplete="off"to the form tag or to individual "input" fields. However, since early 2014, major browsers don't respect this instruction, due to their integrated password management mechanism, and offer to users to store password internally.
- Re-scan the application after addressing the identified issues to ensure all of the fixes have been applied properly.