(L2) Ensure ‘AutoFill web forms: User names and passwords’ is ‘Disabled’

Details

Safari can use a user-level keychain to store credentials and then retrieve them when the user revisits websites on the same domain. With this feature disabled, the user is prompted to enter their credentials manually when they visit a website.

Rationale:

If this setting is enabled, users can have Safari store and retrieve passwords through a user-level keychain and provide them automatically the next time they visit a site. An intruder who has unrestricted access to your computer can gain access to secure site areas.

Solution

Follow the steps below to set AutoFill web forms: User names and passwords to Disabled:

1. Click Safari.
2. Click Preferences.
3. Click AutoFill.
4. Uncheck AutoFill web forms: User names and passwords.

To configure the plist, follow the steps below:

1. Open the com.apple.Safari.plist.
2. Find the token AutoFillPasswords
3. Ensure this token is immediately followed by

Default Value:
Enabled.
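
An audit of the plist check described above, as an added example that is not part of the original benchmark text. It assumes that Disabled is stored as a boolean false under AutoFillPasswords; the function name, sample data and the path argument are hypothetical, and an absent key is treated as non-compliant because the default is Enabled.

```python
import plistlib
import sys

KEY = "AutoFillPasswords"  # token named in the plist steps above


def audit_autofill_passwords(plist_bytes):
    """Return (compliant, detail) for the raw bytes of a com.apple.Safari.plist."""
    try:
        # plistlib.loads auto-detects XML and binary plist encodings.
        prefs = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed or truncated file
        return False, f"unreadable plist: {exc}"
    if not isinstance(prefs, dict):
        return False, "top-level object is not a dictionary"
    if KEY not in prefs:
        # The page gives the default as Enabled, so an unset key fails.
        return False, f"{KEY} not set (default is Enabled)"
    value = prefs[KEY]
    # Assumption: Disabled is a boolean false. The check is strict on purpose:
    # an integer 0 or a string is reported rather than silently accepted.
    if value is False:
        return True, f"{KEY} is false (Disabled)"
    return False, f"{KEY} is {value!r} (expected boolean false)"


# Constructed sample plists (not taken from a real system).
SAMPLES = {
    "hardened-xml": plistlib.dumps({KEY: False}),
    "hardened-binary": plistlib.dumps({KEY: False}, fmt=plistlib.FMT_BINARY),
    "enabled": plistlib.dumps({KEY: True}),
    "unset": plistlib.dumps({"ExampleOtherKey": "value"}),
    "wrong-type": plistlib.dumps({KEY: 0}),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the plist is supplied by the caller.
        with open(sys.argv[1], "rb") as fh:
            targets = {sys.argv[1]: fh.read()}
    else:
        targets = SAMPLES
    results = {n: audit_autofill_passwords(d) for n, d in targets.items()}
    for name, (ok, detail) in results.items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {detail}")
    sys.exit(0 if all(ok for ok, _ in results.values()) else 1)
```

Run without arguments it evaluates the constructed samples; given a file path it audits that file and exits non-zero on a failure, which suits a compliance job.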

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022