CSAL#62
|
Security Notification # CSAL62 |
|
Advisory Title: Auto complete Enabled on Form Fields |
||||
|
Document ID: |
TAS/PRD/GEN/SN-CSAL#62 |
Document Name: |
Security Notification # CSAL62 |
Doc. Rev.: |
0 |
|
|
|
|
|
|
|
|
|
|
Publication Date |
15-Jan-24 |
Incident Source |
CSAL62 |
CVE / Vulnerability Reference |
OWASP(A3) CWE-200 |
|
|
Last Update |
06-Feb-24 |
Reported By |
Valency Networks Testing Agency |
Advisory ID# |
Posting Not Started Yet |
|
|
Current Version |
WP500 FW 0.6.6 |
CVSS Score |
5.5 |
|
|
|
|
|
|
|
|
|
|
|
|
Vulnerability Description |
Form fields with Auto complete enabled found. This can make the form data prone to client side human based or trojan based attacks, leading to data confidentiality loss. |
|||||
|
Impact |
Form fields with auto complete enabled can expose sensitive information through client-side attacks, such as phishing or malware, resulting in data confidentiality breaches. To mitigate this risk, disable auto complete on forms that handle sensitive data. |
|||||
|
Affected products |
WP500 Firmware 0.65 Version |
|
|
|
|
|
|
Temporary Fix / Mitigation |
Please update to firmware version 0.6.6. |
|
||||
|
Acknowledgment |
Valency Networks , Pune |
|
|
|
|
|
|
History |
NA |
|
|
|
|
|
|
Classification of Vulnerability |
|
|
|
|
||