07-31-2015 10:41 PM - edited 03-17-2019 03:50 AM
Hi,
Can anyone help me to find the solution for the below Password Field AutoComplete Vulnerability in CUCM V10.5.2
Vulunerability detyails as below
Password input fields on this page allow auto-completion. Users can easily gain unauthorized access to protected information.
Thanks in advance
Pradeep
07-31-2015 10:45 PM
Hi Pradeep,
Could you please re-post the link as I couldnt reach the URL you had posted.
Regards
07-31-2015 10:52 PM
Hi Wilson,
Thank you for the post, please find the below vulnerability details encountered during the security scan.
Affected Products
CUCM/ CUC - 10.5.2
Vulnerability details
Password input fields on this page allow auto-completion. Users can easily gain unauthorized access to protected information.
To do
Forms where passwords are submitted should only be enabled over HTTPS, password fields should also contain the option 'autocomplete=off' MITIGATION Vulnerable pages can be deleted or blocked, although this will affect website functionality.
Thanks in advance
Pradeep.
08-01-2015 08:28 PM
You have no control over the webpages from CUC/CUC, I'm assuming this is the outcome from a tool you ran, and not something we deemed as a vulnerability, right???
08-01-2015 10:39 PM
Yes, you are right Jaime,
This is result is form the security scanning tool, unfortunately this is classified as vulnerability.
Is there any way to restrict this from CUCM/CUC services ?
With Thanks & Regards,
Pradeep.
08-02-2015 08:43 AM
As I already mentioned, you have no control over the pages. You'll have to explain this cannot be adjusted, you'll have to do something in the user side to disable them storing passwords.
08-02-2015 11:12 PM
Thanks Jaime
08-03-2015 08:16 AM
Hi,
I thought it was a vulnerability as published by Cisco. If it is not a vulnerability published by Cisco and some third party (in your case it is for the browser).
I recommend always keeping a patched up for any Security Patches and always use Firefox (and to some extent Chrome)
HTH
08-04-2015 01:43 AM
Thanks Wilson
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide