Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Autocomplete attribute in password fields

Hagop Esfahani Jun 19, 2019 02:23PM UTC

Hi Team,

We are scanning our web application "Globanet Merge1" using BurpSuite and we noticed a minor issue with autocomplete attributes in forms.

We use autocomplete="new-password" in forms to really prevent browser from prompting the users to save their passwords (since autocomplete="off" is ignored by most browsers), setting the autocomplete attribute to new-password is being detected as an issue by Burp Suite , can you please explain why? or let us know if you have plans to change this behavior by Burp Suite?

Thanks,
Hagop Esfahani | Systems Analyst | Globanet |
hesfahani@globanet.com | www.globanet.com


Liam Tai-Hogan Jun 19, 2019 02:24PM UTC Support Center agent

Hagop thanks for pointing this out.

The relevant Burp scan checks have not been updated to reflect latest browser behavior. This is something we will fix in future, although that is likely to be a little way out just yet. We’ll update you when we’ve made some progress.

Please let us know if you need any further assistance.


Hagop Esfahani Jun 19, 2019 02:37PM UTC
Thanks Liam, we'll look forward to further updates.

Regards,
Hagop Esfahani | Systems Analyst | Globanet |
hesfahani@globanet.com | www.globanet.com

Post Your public answer

Your name
Your email address
Answer