SAP Knowledge Base Article - Preview

3515014 - SAP HANA Autocomplete enabled in browser for username field

Symptom

  • As per PEN vulnerability test to detect Cyber weaknesses in your organization, the PEN report has found that autocomplete is enabled in the username field, a local attacker can obtain the previously entered usernames by double clicking the username field as entered values are stored locally in the browser's memory. These existing usernames can then be used for DoS or Bruteforce attacks. It is observed that the "Autocomplete=off" is not explicitly set to the username field


Read more...

Environment

SAP HANA, platform edition

Product

SAP HANA, platform edition all versions

Keywords

inspect; Autocomplete=off; , KBA , HAN-AS-XS , SAP HANA Extended Application Services , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.