Low Risk
Wiki Entry
Password Autocomplete Not Disabled
Password fields allow autocomplete, which could expose credentials on shared computers. While convenient, this can be a security concern in certain environments.
Why This Matters
On shared or public computers, autocomplete can expose saved passwords to other users. This is particularly risky in high-security environments or public kiosks.
How to Fix
Framework-specific solutions and general best practices
Add autocomplete='new-password' or autocomplete='off' to password input fields in sensitive forms.
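A check for this finding, as an added example that is not part of the original entry or the scanner's own code: it parses markup and reports password inputs whose effective autocomplete value is neither of the two values named above. The class and function names, the sample markup, and the rule that a field with no attribute of its own inherits the enclosing form's autocomplete setting (standard HTML behaviour) are this example's choices.

```python
from html.parser import HTMLParser

# Assumption: only the two values the entry names as the fix count as compliant.
ACCEPTED = {"new-password", "off"}

class PasswordAutocompleteAudit(HTMLParser):
    """Collects password inputs whose effective autocomplete value is not accepted."""

    def __init__(self):
        super().__init__()
        self.form_default = None  # autocomplete value of the enclosing <form>, if any
        self.findings = []        # (line number, field name, effective value)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "form":
            self.form_default = a.get("autocomplete", "").lower() or None
        elif tag == "input" and a.get("type", "").lower() == "password":
            # A field without its own attribute falls back to the form-level value.
            effective = a.get("autocomplete", "").lower() or self.form_default
            if effective not in ACCEPTED:
                self.findings.append((self.getpos()[0], a.get("name", "?"), effective))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_default = None

def audit(html):
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup: the first field is flagged, the other three pass.
SAMPLE = """\
<form action="/login">
  <input type="password" name="pw_login">
</form>
<form action="/change">
  <input type="password" name="pw_new" autocomplete="new-password">
  <input type="password" name="pw_confirm" autocomplete="off">
</form>
<form action="/admin" autocomplete="off">
  <input type="password" name="pw_admin">
</form>
"""

if __name__ == "__main__":
    for line, name, value in audit(SAMPLE):
        print(f"line {line}: password field {name!r} has autocomplete={value!r}")
```

Browsers and password managers do not always honour autocomplete="off" on password fields, so confirm the behaviour in the browsers actually deployed on the shared machines.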
Quick Reference
Severity: Low Risk
ID: password_autocomplete_enabled
AI Assistant Prompt
Copy this prompt to ask an AI for help fixing this vulnerability:
Please fix the "Password Autocomplete Not Disabled" security vulnerability in this web application. The issue is: Password fields allow autocomplete, which could expose credentials on shared computers. While convenient, this can be a security concern in certain environments. Make a plan and implement based on my project.