Provide a UI option to disable Password Autocomplete requests on the Login page


      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      The Confluence website has a login page that allows password auto-completion.
      This means that users' credentials may be stored by their browser automatically, unless they have specifically configured their browser not to do so.

      Note that most modern browsers will now offer to store credentials irrespective of web page password auto-completion settings.

      This issue will, however, be identified by an automated scanner, and so is included here for completion.

      Recommendation:

      Consider adding an attribute named "autocomplete" to the password field on the login page above that is set to "off" to explicitly demonstrate that credentials should not be stored, or providing a UI option to disable password autocomplete.

      Most modern web browsers will offer to store credentials regardless; however, this behavior may change in the future, as there is still some disagreement within the security community as to whether or not this configuration is appropriate. As such, consider performing a risk assessment to determine whether the potential risk resulting from a lack of this attribute is acceptable.

            Assignee: Unassigned
            Reporter: Monique Khairuliana (Inactive)
            Votes: 1
            Watchers: 1

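The check an automated scanner performs for this finding can be reproduced offline. The following is an added example, not part of the original issue and not Atlassian code; the three login forms are constructed sample markup, not the actual Confluence login page. It reports each password field's effective `autocomplete` setting, taking into account that a field without its own attribute inherits the setting of its enclosing form.

```python
from html.parser import HTMLParser

class PasswordAutocompleteAudit(HTMLParser):
    """Record each password input and its effective autocomplete setting."""

    def __init__(self):
        super().__init__()
        self.form_setting = None  # autocomplete value of the enclosing <form>
        self.findings = []        # (field name, effective setting, flagged)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        setting = (attrs.get("autocomplete") or "").strip().lower() or None
        if tag == "form":
            self.form_setting = setting
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # A field-level attribute overrides the form-level one.
            effective = setting or self.form_setting or "(unset)"
            name = attrs.get("name") or "(unnamed)"
            self.findings.append((name, effective, effective != "off"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_setting = None

def audit(html):
    """Return one (name, effective setting, flagged) tuple per password field."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup (assumption): no attribute, field-level, form-level.
LOGIN_DEFAULT = ('<form action="/login" method="post">'
                 '<input type="text" name="username">'
                 '<input type="password" name="password"></form>')
LOGIN_FIELD_OFF = LOGIN_DEFAULT.replace(
    'type="password"', 'type="password" autocomplete="off"')
LOGIN_FORM_OFF = LOGIN_DEFAULT.replace('<form ', '<form autocomplete="off" ')

if __name__ == "__main__":
    for label, page in [("default", LOGIN_DEFAULT),
                        ("field-level off", LOGIN_FIELD_OFF),
                        ("form-level off", LOGIN_FORM_OFF)]:
        for name, effective, flagged in audit(page):
            status = "FLAGGED" if flagged else "ok"
            print(f"{label}: {name} autocomplete={effective} -> {status}")
```

A passing result only shows that the markup declares the intent; as the issue notes, most modern browsers will still offer to store credentials.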