Vulnerability in EPiServer.Forms
Does anyone know how to turn off the Autocomplete on the the Username and Password fields on the Admin Login page for Episerver 8 MVC?
If you're just talking about the standard autocomplete (the browser remembering your credentials), that's a standard HTML feature that can be disabled in the form or input tag using the "autocomplete=off" attribute:
Sorry, it was my fault for not being clear - I am not sure where I can find the Login page for me to do this. Is the login page in the zip folder for Episerver 8 MVC - in Episerver 6 the login page used to be in Program Files.
Yes the login page is in your \modules\_protected\CMS\EPiServer.Cms.Shell.UI.zip - as Util\Login.aspx.
If you don't want to mess with that, you're probably aware you can easily create your own login page elsewhere in your solution, and reference it in your web.config:
<forms name=".EPiServerLogin" loginUrl="/yourloginpage" timeout="120" defaultUrl="~/" />
Hi, ok thanks