authentication practices may leave the web application vulnerable to
authentication attacks.

Data Received: <input name='pin' id='pin' type='password' style='display:none;' />

Resolution: To use HTML form-based authentication more securely in web applications, do the following:
- Remove the value attribute from the INPUT tag corresponding to the password field.
- Submit all forms to an SSL-enabled (https) service using the form's action attribute.
- Place all protected web directories on an SSL-enabled (https) service.
- Use the autocomplete="off" attribute in the INPUT tag corresponding to the password field.

Risk Factor: Medium / CVSS2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

TCP 80 http 4.0
In order to resolve this error:
1. Enable SSL on all pages
2. Make sure that external links to third party sites are using https:// (Facebook, Twitter, etc)
3. Enable Single Sign On, and verify that FAWeb and NetClassroom URLs are https:// in the Education tab located in Administration > Sites and Settings
4. Verify that the link to NetClassroom/FAWeb is https://
Once all of these are in place, run the PCI scan again.
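Before re-running the scan, a page's markup can be checked locally against the password-field items in the scanner's resolution text. This is an added example, not part of the original article or the scanner; the function name `audit_forms`, the class `FormAuditor`, the sample HTML and the `example.test` hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the scanner's flagged field in a relative-action form,
# followed by a form that already meets the resolution items.
SAMPLE = """
<form action="/login" method="post">
  <input name='pin' id='pin' type='password' style='display:none;' />
</form>
<form action="https://sso.example.test/login" method="post">
  <input name="pw" type="password" autocomplete="off" />
</form>
"""


class FormAuditor(HTMLParser):
    """Collect findings for password fields, per the scanner's resolution list."""

    def __init__(self, page_url):
        super().__init__()
        self.page_scheme = urlparse(page_url).scheme
        self.form_action = None  # action of the form currently open, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            name = a.get("name") or a.get("id") or "?"
            if a.get("value"):
                self.findings.append((name, "value attribute present"))
            if (a.get("autocomplete") or "").lower() != "off":
                self.findings.append((name, "autocomplete not off"))
            # A relative or empty action inherits the scheme of the page itself.
            scheme = urlparse(self.form_action or "").scheme or self.page_scheme
            if scheme != "https":
                self.findings.append((name, "not submitted over https"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None


def audit_forms(html, page_url):
    """Return (field name, finding) pairs for every password input in html."""
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    return auditor.findings
```

An empty result covers only the markup; whether the protected directories themselves are served over https is a server configuration check.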