New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable autocomplete on SNMPv3 settings #8833

Merged
merged 2 commits into from Jun 23, 2018

Conversation

Projects
None yet
2 participants
@KlaasT
Contributor

KlaasT commented Jun 19, 2018

We have noticed that some Firefox password managers try to autocomplete AuthUser, AuthPass and CryptoPass with user credentials. This can lead to a security issue as the credentials of users are stored in plaintext inside the LibreNMS database.

The autocomplete="off" should disable this behaviour.

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926

KlaasT added some commits Jun 19, 2018

The Firefox password manager tries autocomplete username and password…
… for SNMPv3 settings. This can lead to a security incident.

This disables autocomplete on cryptopass, authpass and authuser.
@laf

laf approved these changes Jun 20, 2018

LGTM

@laf laf added this to the 1.41 milestone Jun 20, 2018

@laf

This comment has been minimized.

Member

laf commented Jun 20, 2018

Just waiting on tests to complete now.

@laf laf merged commit 20741e1 into librenms:master Jun 23, 2018

3 checks passed

WIP ready for review
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
license/cla Contributor License Agreement is signed.
Details

mattie47 added a commit to mattie47/librenms that referenced this pull request Jul 2, 2018

Disable autocomplete on pages with SNMPv3 settings (librenms#8833)
We have noticed that some Firefox password managers try to autocomplete AuthUser, AuthPass and CryptoPass with user credentials. This can lead to a security issue as the credentials of users are stored in plaintext inside the LibreNMS database.

The autocomplete="off" should disable this behaviour.

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [ ] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`

@lock lock bot locked as resolved and limited conversation to collaborators Aug 22, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.