-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
All browsers with auto complete turned on
In manage hudson > configure system (/hudson/configure), if LDAP is selected and the advanced section is not expanded and the manager password doesn't have any value (blank - anonymous binding), the browser autocomplete feature automatically fills in the password field without a user knowing. As a result, if a user hits the save button, the autofilled password value is saved without user's intention.
- duplicates
-
JENKINS-3586 LDAP Manager DN and password are REQUIRED (security risk)
-
- Closed
-
I know I can just turn off the auto complete feature form my browser. However, this doesn't prevent other users from accidentally saving those values (from hidden fields) if they have auto complete turned on on their browsers.
IMO, the easiest fix would be the add autocomplete="off" on the form HTML element.