Web Server Allows Password Auto-Completion

saurabh84g · October 31, 2012, 7:17am

Hi,

After running 'nessus' tool to find the Vulnerability in server

OS - RHEL 5

we got "
Web Server Allows Password Auto-Completion (PCI-DSS variant)"

link for description provided by tools - report

I have checked - Their is only default installation is done and only apache and mysql database is running.

After checking the desc - we need to set Auto- Completion to OFF" in Apache somewhere but i am not able to find where to do.......

we have an audit to be schedules before that have to fix this

hergp · October 31, 2012, 8:09am

It does not go into the webserver configuration, but in the html page

<form name="form1" id="form1" method="post" autocomplete="off"   action="http://www.example.com/form.cgi">
[...]
</form>