New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


PRTG Security Fix Request

Votes:

0

Your Vote:

Up

Down

Can we get a fix for the following vulnerability.

Form with action https://prtg/public/checklogin.htm does not explicitly disable autocomplete for the following sensitive fields: password

need to have the following code in the login page. <input type="password" autocomplete="off" name="pw">

Would be nice to just have this disabled by default.

external-access prtg security

Created on Apr 14, 2016 12:21:33 PM by  kube1984 (550) 3 1



3 Replies

Accepted Answer

Votes:

0

Your Vote:

Up

Down

Hello,

Thank you very much for your KB-Post. This is actually possible. Please see How can I disable password auto-complete on the login page?.

best regards.

Created on Apr 15, 2016 11:37:44 AM by  Torsten Lindner [Paessler Support]



Votes:

0

Your Vote:

Up

Down

It appears that in the primary / default login page, autocomplete is now always set to off at HTML input element level, for each of the username and password inputs, even where that registry entry does not exist.

This is in build 16.2.23.3270.

This is not the case though for the secondary (retry login on credentials fail) page. The registry entry is required there, set to 1, in order for the autocomplete="off" attribute to appear.

Adding that registry entry and setting it to 1 does indeed set autocomplete to on at the HTML form level, for both the default and secondary login pages (not at HTML input level).

The default behaviour of the secondary page is to allow autocomplete though - which is at odds now with the default behaviour of the default login page.

Cheers

Created on May 5, 2016 10:13:25 AM by  proggable (0)



Votes:

0

Your Vote:

Up

Down

proggable, unfortunately this indeed is a bug. We will fix this within the next 4-6 weeks, please bear with us.

Created on May 10, 2016 7:53:20 AM by  Torsten Lindner [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.