How to avoid the password caching by the browser on login into Service Desk Manager.

Document ID : KB000019581
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Local browsers may cache the password on login so that on future logins the password is automatically filled in based on the entered user id.

This may cause a security gap.

Solution:

To avoid this behavior there are the typical local browser settings for not caching the password, but the best is to avoid this caching from within theService Desk application.

A way to stop the password caching in the application is to add the parameter autocomplete="off" in the login.htmpl.

To do this:

  1. Open the default login.htmpl with the Web Screen Painter and search for the line (see figure):
    <td ><input type="password" id="PIN" name="PIN"></td>
    Change this line to:
    <td ><input type="password" id="PIN" name="PIN" autocomplete="off"></td>

  2. Save and publish the file.
    The new customized login.htmpl will be present under the folder %NX_ROOT%\site\mods\www\htmpl\default.

  3. Perform a pdm_webcache from the command line.

  4. Clear the local browser cache.

    Figure 1