- When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved.Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use a code similar to:
- WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)
- WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)
- Drupal Views module information disclosure vulnerability
- Application error message
- WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)