AutoComplete Attribute Not Disabled for Password in Form Based Authentication

Discussion in 'Using your helpdesk' started by Alexey Chuenko, Jul 20, 2012.

  1. Alexey Chuenko

    Alexey Chuenko Established Member

    PCI scan gives me this "Recommended to fix vulnerability". Any thoughts on how to get rid of it?

     
  2. Gary McGrath

    Gary McGrath Kayako Staff Staff Member

    Hi there,

    You would need to edit the loginform.tpl file and specfically add autocomplete="off" to the input lines for username and password. ( to affect the staff and admin CP logins )

    To affect it for users, you would need to edit the header template in the admin CP, and then once again add autocomplete="off" to the input fields for username and password

    gary
     
  3. Alexey Chuenko

    Alexey Chuenko Established Member

    Gary, it looks like your suggestion is applied to loginform to admin and staff CP. However I need to disable autocomplete for users login on the main page. I couldn't find the necessary template by keywords in page source. Could you please tell me which file I should edit.
     
  4. Gary McGrath

    Gary McGrath Kayako Staff Staff Member

    Hi there,

    Admin CP, templates, templates, expand general and open header template

    Then look for <input ( there is a few of them )

    You will see the one for email and password

    Gary
     
  5. Alexey Chuenko

    Alexey Chuenko Established Member

    Yep. It worked. As usual thanks Gary!
     

Share This Page