Troubleshooting
Problem
During the initial user login a new user ID and password is entered in authentication form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered.
An attacker with local access could obtain the clear text password from the browser cache.
The password auto complete should be disabled in sensitive applications. To disable auto complete you may use a code similar to : <INPUT TYPE=“password” AUTOCOMPLETE=“off”>
Resolving The Problem
Cognos Product Development can add autocomplete="off" to the password input, however modern browsers don't honour this property, refer following link:
Below is what is copied from the above link:
Even without a master password, in-browser password management is generally seen as a net gain for security. Since users do not have to remember passwords that the browser stores for them, they are able to choose stronger passwords than they would otherwise. For this reason, many modern browsers do not support autocomplete="off" for login fields: - If a site sets autocomplete="off" for a <form>, and the form includes username and password input fields, then the browser still offers to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page. This is the behaviour in Firefox (since version 38), Google Chrome (since 34), and Internet Explorer (since version 11).
So this is not an issue.
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl77AAC","label":"Administration->Security"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Was this topic helpful?
Document Information
Modified date:
11 May 2020
UID
ibm16208302