#2 AUTOCOMPLETE + Brute Force

1.0
open
nobody
None
2014-04-04
2014-04-04
No

The page login.php:

The AUTOCOMPLETE attribute is not disabled in the HTML FORM/INPUT element containing a password-type input. Passwords may be stored in browsers and retrieved.

This strategy can facilitate a brute force attack.

Solution:
Turn off the AUTOCOMPLETE attribute in the form or in the individual input elements containing a password by using AUTOCOMPLETE='OFF'.

Reference:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/forms/autocomplete_ovr.asp
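
One way to verify the fix described in this ticket, as an added example that is not part of the original report or the project's code: a checker that lists password inputs whose effective autocomplete setting is not "off", treating a value on the input as overriding the one on its form. The `audit` function, the class name and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup; not the real login.php from this ticket.
SAMPLE = """<form action="login.php" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
</form>
<form action="login.php" method="post" autocomplete="off">
  <input type="PASSWORD" name="pass2">
  <input type="password" name="pass3" autocomplete="on">
</form>
<input type="password" name="pin" AUTOCOMPLETE='OFF'>
"""

class PasswordAutocompleteAudit(HTMLParser):
    """Collect password inputs whose effective autocomplete is not 'off'."""

    def __init__(self):
        super().__init__()
        self.form_off = False   # autocomplete="off" on the enclosing form?
        self.findings = []      # (line number, input name)

    def handle_starttag(self, tag, attrs):
        raw = dict(attrs)
        # Attribute names arrive lower-cased; normalise the values as well.
        norm = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_off = norm.get("autocomplete") == "off"
        elif tag == "input" and norm.get("type") == "password":
            value = norm.get("autocomplete")
            # A value on the input overrides whatever the form sets.
            off = (value == "off") if value is not None else self.form_off
            if not off:
                line, _ = self.getpos()
                self.findings.append((line, raw.get("name") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit(html):
    """Return [(line, name)] for password inputs that still allow autocomplete."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for line, name in audit(SAMPLE):
        print(f"line {line}: password input {name!r} allows autocomplete")
```

Current browsers' password managers may ignore autocomplete="off" on login fields, so this check confirms that the ticket's fix is present in the markup rather than that nothing is stored.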
