Fixes are available
APAR status
Closed as suggestion for future release.
Error description
The AUTOCOMPLETE attribute is not disabled in the password field on the login page. This allows a user s password to be stored in the browser and be retrieved by another user with access to the computer, or through a remotely executed attack. This poses a risk to other Accenture applications because the application uses enterprise credentials. It is important to note that not all browsers are encrypting the credentials and that the credentials might be stored on the victim's computer in clear-text. Recommendation To prevent browsers from storing credentials entered into HTML forms, the attribute autocomplete="off" should be used within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific input fields e.g. password). It is recommended to disable autocomplete for all form fields.
Local fix
Problem summary
Problem conclusion
Temporary fix
Comments
change the login page's password to autocomplete="off", will not fill out the password automatically
APAR Information
APAR number
PI21999
Reported component name
BUILD FORGE EE
Reported component ID
5724S2701
Reported release
713
Status
CLOSED SUG
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-07-14
Closed date
2014-10-13
Last modified date
2014-10-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSB2MV","label":"Rational Build Forge"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.3","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
13 October 2021