Autocomplete-enabled Password Field in SmarterTools SmarterStats 6.0 Login Vulnerability

Autocomplete-enabled Password Field in SmarterTools SmarterStats 6.0 Login Vulnerability

CVE-2011-2155 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation.

Learn more about our Web App Pen Testing.