Privacy Violation: Autocomplete - http://zero.webappsecurity.com:80/adcenter.cgi
Created by: armorcodegithubapp[bot]
Category: Privacy Violation: Autocomplete Scan Type: Dynamic CheckType: Best Practices Abstract: Most recent browsers have features that will save form field content entered by users and then automatically complete form entry the next time the fields are encountered. This feature is enabled by default and could leak sensitive information since it is stored on the hard drive of the user. The risk of this issue is greatly increased if users are accessing the application from a shared environment. Recommendations include setting autocomplete to "off" on all your forms. Request: GET /adcenter.cgi HTTP/1.1 Referer: http://zero.webappsecurity.com:80/pindex.asp User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Accept: / Pragma: no-cache Host: zero.webappsecurity.com X-Scan-Memo: Category="Crawl"; Function="CreateStateRequest"; SID="8B91FAA33009378BA04E34B6FD189311"; PSID="DDAF520E2E30901117999914F5CB2876"; SessionType="Crawl"; CrawlType="HTML"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="51"; ThreadType="CrawlBreadthFirstDBReader"; Connection: Keep-Alive Cookie: CustomCookie=WebInspect69383ZXB3FCEA2CCD6849B0A63D3EFF65615601Y3637;status=yes;username=;userid=;sessionid=;ASPSESSIONIDCARBTACT=BFDJMBECKAHAMJENBDMOPBPC;state=;passes3=;passes=;passes2=
File Path: //zero.webappsecurity.com:0
https://app.armorcode.com/#/findings/62962319
Knowledge Base: Man in the Middle (MITM) Attack:https://app.armorcode.com/#/knowledgeBase/45