Autocomplete is not a "vulnerability". It is, in fact, the opposite nowadays.
In the past, you could argue that allowing a browser to fill in a password was a risk. But people have finally started to understand that if you force people to type a password every time, they
- Reuse the same password
- Use weak passwords
- Write them down
Both of those are massive security risks.
Nowadays, people use password safes so they can have unique and very complex (i.e. secure) passwords without writing them down. Most implementations of these use autocomplete to fill in passwords without exposing them to view at all.
So. Where ever you have seen the advice to disable autocomplete, it is wrong.
If you must do this because your security people don't know what they're doing, then the theory in the article is still the only way to do it - you need to unpack the gadgets jar, find the login template, hack it, and re-pack it.
But I would not do it. It also renders your system unsupported by the vendor, which is classed as a security risk in many places.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.