Title

The macOS system must disable password autofill. (Cat II impact)

Discussion

Password Autofill must be disabled. macOS allows users to save passwords and use the Password Autofill feature in Safari and compatible apps. To protect against malicious users gaining access to the system, this feature must be disabled to prevent users from being prompted to save passwords in applications.

Check Content

Verify the macOS system is configured to disable password autofill with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\ .objectForKey('allowPasswordAutoFill').js EOS If the result is not "false", this is a finding.

Fix Text

Configure the macOS system to disable password autofill by installing the "com.apple.applicationaccess" configuration profile.

Additional Identifiers

Rule ID: SV-259527r941203_rule

Vulnerability ID: V-259527

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.