漏洞
There are instances found where password fields have auto-complete enabled. If there are stored credentials, they can be captured by an attacker who gains control over the user's computer. Furthermore, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials.
| 漏洞 ID 编号 | BUG-000094891 |
|---|---|
| 已提交 | March 14, 2016 |
| 上次修改时间 | February 15, 2023 |
| 适用范围 | ArcGIS for Server |
| 找到的版本 | 10.2.2 |
| 服务器平台 | Windows OS |
| 客户端平台 | 2012 R2 |
| 状态 | Will Not Be Addressed |
附加信息
This issue was logged against a version of the software which is no longer supported, and has not had activity in some time. We apologize that we were unable to address this issue within the current product life cycle. If the issue continues to affect your work in a supported release, please contact Technical Support.解决办法
Avoid storing passwords in a browser.重现步骤
漏洞 ID: BUG-000094891
软件:
- ArcGIS for Server
从 ArcGIS 专家处获得帮助
下载 Esri 支持应用程序
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈