Suggestion for Reset Security Credentials page

Posted: Wed Jun 09, 2010 5:45 am
by Box293
On the Reset Security Credentials page, the field next to "New Config Manager Admin Password:" will remember previous passwords you have typed in.

You can see the previous passwords in plain text.

I have experienced this with both IE and Firefox.

Screenshot shows the field I am talking about.

Perhaps this field should be changed so it doesn't remember values that have been typed here.
Field that password is remembered in Firefox.png

Re: Suggestion for Reset Security Credentials page

Posted: Wed Jun 09, 2010 9:42 am
by mmestnik
This screen should by design be static; it's not meant to randomize the passwords. Instead it pushes the value provided to the password store and the password database. It should always display the password in the password store.

Re: Suggestion for Reset Security Credentials page

Posted: Thu Jun 10, 2010 7:10 am
by Box293
On my computer I go to the Reset Security Credentials page
I type the nagiosadmin password in the field next to "New Config Manager Admin Password:"
I click Update Credentials
I log out of Nagios XI
I walk away from the computer without locking the screen
Another person jumps on my computer and logs into Nagios XI
They go to the Reset Security Credentials page
They double click in the field next to "New Config Manager Admin Password:"
Any entries typed by me in the past will appear here in a list.

Re: Suggestion for Reset Security Credentials page

Posted: Thu Jun 10, 2010 10:40 am
by mmestnik
If they have the admin password, they have the admin password. Though perhaps there are some browser cache issues to consider.

http://go.nagios.com/tracker/64

Re: Suggestion for Reset Security Credentials page

Posted: Thu Jun 10, 2010 11:34 am
by tonyyarusso
I would agree that it would be a lot smarter IMO if that particular field was set to a password input type, given how this operates.

Re: Suggestion for Reset Security Credentials page

Posted: Sun Jun 20, 2010 6:44 pm
by lccouncil
If you're overly worried about it.. Jump into the HTML files for that page and add

autocomplete="off"

To the form attributes.
:)

Re: Suggestion for Reset Security Credentials page

Posted: Sun Jun 20, 2010 7:35 pm
by lccouncil
To do that.. Go to the file /usr/local/nagiosxi/html/admin/credentials.php

On line 98 change from

<form id="manageOptionsForm" method="get" action="<?php echo $_SERVER['PHP_SELF'];?>">
to

<form id="manageOptionsForm" autocomplete="off" method="get" action="<?php echo $_SERVER['PHP_SELF'];?>">

Re: Suggestion for Reset Security Credentials page

Posted: Sun Jun 20, 2010 8:02 pm
by Box293
Great tip.

Re: Suggestion for Reset Security Credentials page

Posted: Mon Jun 21, 2010 1:09 am
by lccouncil
Glad to help.
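
The two fixes suggested in this thread (a password input type, and autocomplete="off"), turned into a small audit of form markup. This is an added example, not part of the original posts and not Nagios XI code. The field name config_admin_password, the sample markup and the issue labels are constructed for illustration; only the form id and method="get" come from the thread, and the value-in-url check is an extra one prompted by that method.

```python
from html.parser import HTMLParser

SECRET_HINTS = ("pass", "pwd", "secret")  # name heuristic assumed for this example
NO_HISTORY = {"off", "new-password"}      # autocomplete values that opt out

class SecretFieldAudit(HTMLParser):
    """Collect (field, issue) pairs for secret-looking inputs in form markup."""

    def __init__(self):
        super().__init__()
        self.form = None      # attributes of the enclosing <form>, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.form = a
        elif tag == "input":
            self.check_input(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None

    def check_input(self, a):
        form = self.form or {}
        name = a.get("name") or a.get("id") or ""
        if not any(hint in name for hint in SECRET_HINTS):
            return
        if a.get("type", "text") != "password":
            self.findings.append((name, "not-password-type"))
            # Plain inputs are saved to form history unless field or form opts out.
            ac = a.get("autocomplete") or form.get("autocomplete", "")
            if ac not in NO_HISTORY:
                self.findings.append((name, "form-history"))
        # A GET form puts every field value into the URL (history, server logs).
        if self.form is not None and form.get("method", "get") == "get":
            self.findings.append((name, "value-in-url"))

def audit(markup):
    parser = SecretFieldAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample markup: as reported, with the autocomplete tip, and hardened.
FORM = '<form id="manageOptionsForm" {}><input {} name="config_admin_password"></form>'
ORIGINAL = FORM.format('method="get"', 'type="text"')
WITH_TIP = FORM.format('autocomplete="off" method="get"', 'type="text"')
HARDENED = FORM.format('method="post"', 'type="password" autocomplete="new-password"')
```

Running audit() on the three samples shows that autocomplete="off" alone clears only the form-history finding, while the password input type plus a POST form clears all three.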