PRTG Security Fix Request

Votes:

0

Can we get a fix for the following vulnerability?

Form with action https://prtg/public/checklogin.htm does not explicitly disable autocomplete for the following sensitive fields: password

Need to have the following code in the login page: <input type="password" autocomplete="off" name="pw">

Would be nice to just have this disabled by default.

external-access prtg security

Created on Apr 14, 2016 12:21:33 PM



3 Replies

Accepted Answer

Votes:

0

Hello,

Thank you very much for your KB-Post. This is actually possible. Please see "How can I disable password auto-complete on the login page?".

Best regards.

Created on Apr 15, 2016 11:37:44 AM by Torsten Lindner [Paessler Support]



Votes:

0

It appears that in the primary / default login page, autocomplete is now always set to off at HTML input element level, for each of the username and password inputs, even where that registry entry does not exist.

This is in build 16.2.23.3270.

This is not the case though for the secondary (retry login on credentials fail) page. The registry entry is required there, set to 1, in order for the autocomplete="off" attribute to appear.

Adding that registry entry and setting it to 1 does indeed set autocomplete to on at the HTML form level, for both the default and secondary login pages (not at HTML input level).

The default behaviour of the secondary page is to allow autocomplete though - which is at odds now with the default behaviour of the default login page.

Cheers

Created on May 5, 2016 10:13:25 AM
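The reply above distinguishes autocomplete being disabled on the input element from it being disabled on the enclosing form. As an added example (not part of the thread and not Paessler's code), the check below reports, for each password field in a saved copy of a login page, which of the two levels applies. The sample markup is constructed, and the username field name is an assumption; only the checklogin.htm action and the pw field name come from the question.

```python
from html.parser import HTMLParser

class AutocompleteAudit(HTMLParser):
    """Record each password input and the level at which autocomplete is off."""

    def __init__(self):
        super().__init__()
        self.form_off = False   # True while inside <form autocomplete="off">
        self.findings = []      # (input name, "input" | "form" | None)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete") == "off"
        elif tag == "input" and a.get("type") == "password":
            own = a.get("autocomplete")      # an explicit value on the input wins
            if own == "off":
                level = "input"
            elif own is None and self.form_off:
                level = "form"               # inherited from the enclosing form
            else:
                level = None                 # autocomplete not disabled
            self.findings.append((dict(attrs).get("name") or "", level))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit(html):
    """Return [(field name, level)] for every password input in the markup."""
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup (assumption), not copied from PRTG.
FORM = ('<form action="/public/checklogin.htm" method="post"{form_attr}>'
        '<input type="text" name="username"{input_attr}>'
        '<input type="password" name="pw"{input_attr}></form>')
DEFAULT_PAGE = FORM.format(form_attr="", input_attr=' autocomplete="off"')
RETRY_PAGE = FORM.format(form_attr="", input_attr="")
RETRY_PAGE_FORM_OFF = FORM.format(form_attr=' autocomplete="off"', input_attr="")

if __name__ == "__main__":
    for label, page in [("default", DEFAULT_PAGE), ("retry", RETRY_PAGE),
                        ("retry, form-level off", RETRY_PAGE_FORM_OFF)]:
        for name, level in audit(page):
            print(f"{label}: {name} -> {level or 'NOT disabled'}")
```

Many current browsers still offer to save credentials for password fields marked autocomplete="off", so this confirms the markup a scanner looks for rather than what a given browser will do.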



Votes:

0

proggable, unfortunately this indeed is a bug. We will fix this within the next 4-6 weeks, please bear with us.

Created on May 10, 2016 7:53:20 AM by Torsten Lindner [Paessler Support]



