Bug
There are instances found where password fields have auto-complete enabled. If there are stored credentials, they can be captured by an attacker who gains control over the user's computer. Furthermore, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials.
| Bug-ID-Nummer | BUG-000094891 |
|---|---|
| Eingereicht | March 14, 2016 |
| Zuletzt geändert | February 15, 2023 |
| Gilt für | ArcGIS for Server |
| Gefunden in Version | 10.2.2 |
| Server-Plattform | Windows OS |
| Client-Plattform | 2012 R2 |
| Status | Will Not Be Addressed |
Zusätzliche Informationen
This issue was logged against a version of the software which is no longer supported, and has not had activity in some time. We apologize that we were unable to address this issue within the current product life cycle. If the issue continues to affect your work in a supported release, please contact Technical Support.Workaround
Avoid storing passwords in a browser.Schritte zur Reproduzierung
Bug-ID: BUG-000094891
Software:
- ArcGIS for Server
Hilfe von ArcGIS-Expert*innen erhalten
Die Esri Support-App herunterladen
Weitere Informationen zu diesem Thema erkunden
Nach zugehörigen Informationen suchen
Nach Schulungen zu diesem Thema suchen
Ideen erkunden und Feedback geben