OpenAM / OPENAM-14553

Password Field with Autocomplete enabled

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 6.0.0.6
    • Fix Version/s: None
    • Component/s: console, SAML, security, STS
    • Labels:
    • Environment:
      AM 6.0.0.6
    • Support Ticket IDs:

      Description

      Bug description

      There are 4 instances of this issue:

      How to reproduce the issue

      The page contains a form with the following action URL:

      The form contains the following password fields with autocomplete enabled:

      • FSSAMLTrustedPartnersAdd.AUTHPASSWORD
      • FSSAMLTrustedPartnersAdd.AUTHPASSWORD_confirm

      The page contains a form with the following action URL: https://volamhost2.vol1dev.visa.com:8443/openam/federation/FSSAMLTrustedPartnersAdd

      The form contains the following password fields with autocomplete enabled:

      • FSSAMLTrustedPartnersAdd.AUTHPASSWORD
      • FSSAMLTrustedPartnersAdd.AUTHPASSWORD_confirm

      The page contains a form with the following action URL:

      The form contains the following password fields with autocomplete enabled:

      • ConfigureSocialAuthN.tfClientSecret
      • ConfigureSocialAuthN.tfConfirmSecret

      The page contains a form with the following action URL:

      The form contains the following password fields with autocomplete enabled:

      • CreateSoapSTSDeployment.tfSoapAgentPassword
      • CreateSoapSTSDeployment.tfSoapAgentPassword_confirm

      Expected behaviour

      {..}

      Current behaviour

      {...}

      Work around

      To prevent browsers from storing credentials entered into HTML forms, include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).
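
One way to check page markup for the condition this report describes, as an added example (not code from OpenAM or from the report). It flags password inputs that are covered neither by autocomplete="off" on the INPUT nor by the same attribute on the enclosing FORM; the sample markup is constructed, and the second form's action path is a placeholder.

```python
from html.parser import HTMLParser

class PasswordAutocompleteAudit(HTMLParser):
    """Flag password inputs not covered by autocomplete="off"."""
    def __init__(self):
        super().__init__()
        self.form_action = None    # action of the enclosing <form>, if any
        self.form_setting = None   # autocomplete value set on that <form>
        self.findings = []         # (form action, field name) pairs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.form_action = attrs.get("action", "")
            self.form_setting = attrs.get("autocomplete")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # A value on the INPUT overrides the value inherited from the FORM.
            setting = attrs.get("autocomplete") or self.form_setting or "on"
            if setting.strip().lower() != "off":
                self.findings.append((self.form_action, attrs.get("name")))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = self.form_setting = None

def audit(html):
    """Return (form action, field name) for every unprotected password input."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup. Field names and the first action path come from
# the report; the /example/ action path and the page layout are assumptions.
SAMPLE = """
<form action="/openam/federation/FSSAMLTrustedPartnersAdd">
  <input type="password" name="FSSAMLTrustedPartnersAdd.AUTHPASSWORD">
  <input type="password" name="FSSAMLTrustedPartnersAdd.AUTHPASSWORD_confirm"
         autocomplete="off">
</form>
<form action="/example/ConfigureSocialAuthN" autocomplete="off">
  <input type="password" name="ConfigureSocialAuthN.tfClientSecret">
  <input type="password" name="ConfigureSocialAuthN.tfConfirmSecret"
         autocomplete="on">
</form>
"""

if __name__ == "__main__":
    for action, name in audit(SAMPLE):
        print(f"{action}: {name} has autocomplete enabled")
```

Many current browsers still offer to save credentials from fields marked autocomplete="off", so a clean result confirms the markup, not the browser's behaviour.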


              People

              • Assignee: Unassigned
              • Reporter: William Hepler (william.hepler)
              • Votes: 0
              • Watchers: 2
