Bug
There are instances found where password fields have auto-complete enabled. If there are stored credentials, they can be captured by an attacker who gains control over the user's computer. Furthermore, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials.
| Bug ID Number | BUG-000094891 |
|---|---|
| Submitted | March 14, 2016 |
| Last Modified | February 15, 2023 |
| Applies to | ArcGIS for Server |
| Version found | 10.2.2 |
| Operating System | Windows OS |
| Operating System Version | 2012 R2 |
| Status | Will Not Be Addressed |
Additional Information
This issue was logged against a version of the software which is no longer supported, and has not had activity in some time. We apologize that we were unable to address this issue within the current product life cycle. If the issue continues to affect your work in a supported release, please contact Technical Support.Workaround
Avoid storing passwords in a browser.Steps to Reproduce
Bug ID: BUG-000094891
Software:
- ArcGIS for Server
Get help from ArcGIS experts
Download the Esri Support App
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback