Actions
Defect #25145
closed
Disable Autocomplete in redmine login page
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
UI
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Duplicate
Affected version:
Description
Hi I would like to disable autocomplete feature to disabled. Login user fields have the autocomplete feature enabled.
Worst Case Scenario
User login credentials could be stolen in specific scenarios. There is high change of retrieving valid accounts
when computers are shared between several users by double clicking the username field ("username") in the
login pages. Once the attacker has a valid set of users, those can be used in brute force attacks.
Related issues
Updated by
Actions