Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: RH-SSO-7.2.6.CR1, RH-SSO-7.2.6.GA
Affects Version/s: RH-SSO-7.2.4.GA
Component/s: Server
Labels:
- team-core

Epic Link:
RH-SSO 7.2.z-stream
Steps to Reproduce:
Hide

Login to admin console

Create realm "myRealm"

Create a new user and set credentials eg. test@123 from Credentials tab

Logout and try again to set the same credentials for the user mentioned above the browser proposes already set password.
Show
Login to admin console Create realm "myRealm" Create a new user and set credentials eg. test@123 from Credentials tab Logout and try again to set the same credentials for the user mentioned above the browser proposes already set password.

SFDC Cases Links:
SFDC Cases Counter:

Description

In the credentials-tab of user management the password fields are of type text i.e <input .... type="text".../> causing the browser to propose already used password.

This is critical from a security perspective.

To overcome this autocomplete must be set to off for New Password and Password Confirmation fields.

Attachments

Activity

People

Assignee:: Stan Silvert

Reporter:: Saurabh Shriramwar (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2018/10/12 10:33 PM

Updated:: 2021/10/24 6:45 AM

Resolved:: 2019/01/31 3:10 PM