/vulndb/Autocomplete Enabled

Autocomplete is a HTML tag attribute used to disable the form auto completion mechanism of the browser.

An attacker able to access the browser cache can retrieve sensible information in cleartext.

Solution

Although auto-completion is a useful feature it should be disabled (autocomplete=”off”) in forms, which process sensitive data, such account credentials, banking and personal information.

References

http://dev.w3.org/html5/spec-LC/common-input-element-attributes.html#the-autocomplete-attribute