Auto Complete Not Disabled is a medium-risk vulnerability that has the potential to leak sensitive information such as credit card details, passwords and more. If the developer omits AutoComplete=off from the input fields, the consequences for end users can be serious. All browsers have a feature that lets them save login credentials for different websites. The browser caches the data and saves it locally and in the cloud. If the cloud or the local computer is compromised by an attacker, the attacker could reuse these credentials to perform attacks on the victim user. This potential vulnerability can be fixed if the developer adds AutoComplete=off to all the input fields.
The following is an example of a vulnerable input field.
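As an added illustration (constructed here, not the article's own example or Beagle's code), the Python check below parses a sample page containing a vulnerable password field and reports sensitive inputs that are not covered by `autocomplete="off"`, either on the field itself or on its enclosing form. The sample HTML, the `audit` helper and the list of sensitive name hints are assumptions of this example.

```python
from html.parser import HTMLParser

SENSITIVE_HINTS = ("pass", "card", "cvv", "cvc")  # assumed name hints for this example

class AutocompleteAudit(HTMLParser):
    """Flag sensitive <input> fields not covered by autocomplete="off"."""
    def __init__(self):
        super().__init__()
        self.form_off = False  # True while inside <form autocomplete="off">
        self.findings = []     # (line, field name, reason)

    @staticmethod
    def _is_off(attrs):
        return (attrs.get("autocomplete") or "").strip().lower() == "off"

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.form_off = self._is_off(attrs)
        elif tag == "input":
            ftype = (attrs.get("type") or "text").lower()
            name = (attrs.get("name") or attrs.get("id") or "").lower()
            if ftype != "password" and not any(h in name for h in SENSITIVE_HINTS):
                return  # not a field this example treats as sensitive
            line = self.getpos()[0]
            if "autocomplete" in attrs:
                if not self._is_off(attrs):  # explicit value overrides the form
                    self.findings.append((line, name, "autocomplete is not off"))
            elif not self.form_off:
                self.findings.append((line, name, "autocomplete attribute missing"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

# Constructed sample page (not from the original article).
SAMPLE = """<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<form action="/pay" method="post" autocomplete="off">
  <input type="text" name="card_number">
  <input type="text" name="cvv" autocomplete="on">
</form>"""

def audit(html):
    parser = AutocompleteAudit()
    parser.feed(html)
    return parser.findings
```

Calling `audit(SAMPLE)` flags the login form's password field and the `cvv` field that re-enables autocomplete inside a form that had turned it off.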
If the browser or the cloud in which the credentials are saved gets compromised, the attacker can also:-
Beagle recommends the following fixes:-