Autocorrect Enabled
Overview of the Vulnerability
Browsers implement features such as autocorrect to offer predictive spelling and grammar suggestions to end users. The application's implementation of autocorrect on sensitive fields can enable an attacker with local access to log in as the user, or to recover critical pieces of information and use them to impersonate the user or make requests on their behalf.
Business Impact
This vulnerability can lead to reputational damage and indirect financial loss to the company through the erosion of customers' trust.
Steps to Reproduce
Use a browser to navigate to: {{URL}}
Fill in the form and {{action}} to submit it
{{action}} and notice that the previously entered text is autocorrected
{{screenshot}}
Proof of Concept (PoC)
The screenshots below demonstrate the autocorrect enabled on a sensitive field:
{{screenshot}}
Recommendation(s)
It is recommended to turn autocorrect off on sensitive input fields to limit the caching of sensitive data.
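As an added example (not part of the original report), the following script shows one way to verify the recommendation above: it scans the `<input>` tags in an HTML fragment, flags those that look sensitive (password fields, or names/ids matching a heuristic pattern that is an assumption of this example), reports which of the hardening attributes are missing or set to the wrong value, and produces the corrected tag. The attribute set it checks is `spellcheck="false"` (the standard attribute), `autocorrect="off"` (originally Safari-specific, now honoured by more browsers) and `autocapitalize="off"`; the HTML sample is constructed for illustration.

```javascript
// Added example: audit <input> tags for sensitive fields that leave browser
// autocorrect enabled, and emit the hardened markup. Not code from the
// original report. Regex-based parsing is sufficient for simple, well-formed
// form markup such as the constructed sample below.

// Attributes (and the values) a sensitive input should carry.
const HARDENING = { autocorrect: "off", autocapitalize: "off", spellcheck: "false" };

// Heuristic (assumption of this example) for spotting sensitive fields by name/id.
const SENSITIVE_NAME_RE = /(pass|pwd|secret|token|otp|cvv|ssn)/i;

// Parse the attributes of a single <input ...> tag into an object.
// Keys are lower-cased; values keep their original case.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z][\w:-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// A field is treated as sensitive if it is a password input or its name/id
// matches the heuristic pattern.
function isSensitive(attrs) {
  const type = (attrs.type || "").toLowerCase();
  return type === "password" ||
    SENSITIVE_NAME_RE.test(attrs.name || "") ||
    SENSITIVE_NAME_RE.test(attrs.id || "");
}

// Return the hardening attributes that are absent or carry the wrong value.
function missingHardening(attrs) {
  return Object.keys(HARDENING).filter(
    (k) => attrs[k] === undefined || attrs[k].toLowerCase() !== HARDENING[k]
  );
}

// Scan an HTML fragment and return one finding per non-compliant sensitive input.
function auditInputs(html) {
  const findings = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const attrs = parseAttributes(tag);
    if (!isSensitive(attrs)) continue;
    const missing = missingHardening(attrs);
    if (missing.length > 0) {
      findings.push({ tag, name: attrs.name || attrs.id || "(unnamed)", missing });
    }
  }
  return findings;
}

// Rebuild a single <input> tag with the hardening attributes applied.
// Existing attributes keep their position; new ones are appended.
function hardenInput(tag) {
  const attrs = Object.assign(parseAttributes(tag), HARDENING);
  const rendered = Object.entries(attrs).map(([k, v]) => `${k}="${v}"`).join(" ");
  return `<input ${rendered}>`;
}

// Constructed sample form: one compliant sensitive field, two non-compliant ones,
// and one non-sensitive field that should not be reported.
const SAMPLE_HTML = `
<form action="/login" method="post">
  <input type="text" name="username" autocorrect="off">
  <input type="password" name="password" spellcheck="true">
  <input type="text" id="otp_code">
  <input type="password" name="pwd2" autocorrect="off" autocapitalize="off" spellcheck="false">
</form>`;

for (const f of auditInputs(SAMPLE_HTML)) {
  console.log(`${f.name}: missing ${f.missing.join(", ")}`);
  console.log(`  fix: ${hardenInput(f.tag)}`);
}

module.exports = { parseAttributes, isSensitive, missingHardening, auditInputs, hardenInput, SAMPLE_HTML };
```

Run with `node audit.js`; each finding prints the field name, the attributes it lacks, and the corrected tag, which can be pasted back into the template's recommendation for the specific form under test.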