diff --git a/app/code/Magento/User/Model/User.php b/app/code/Magento/User/Model/User.php
index 744fae46c3897..117e9425be7d2 100644
--- a/app/code/Magento/User/Model/User.php
+++ b/app/code/Magento/User/Model/User.php
@@ -470,7 +470,9 @@ public function verifyIdentity($password)
         $result = false;
         if ($this->_encryptor->validateHash($password, $this->getPassword())) {
             if ($this->getIsActive() != '1') {
-                throw new AuthenticationException(__('This account is inactive.'));
+                throw new AuthenticationException(
+                    __('You did not sign in correctly or your account is temporarily disabled.')
+                );
             }
             if (!$this->hasAssigned2Role($this->getId())) {
                 throw new AuthenticationException(__('You need more permissions to access this.'));
diff --git a/app/code/Magento/User/Test/Unit/Model/UserTest.php b/app/code/Magento/User/Test/Unit/Model/UserTest.php
index 33a77515ccb0b..05e2f75ad8be1 100644
--- a/app/code/Magento/User/Test/Unit/Model/UserTest.php
+++ b/app/code/Magento/User/Test/Unit/Model/UserTest.php
@@ -364,7 +364,7 @@ public function testVerifyIdentityInactiveRecord()
         $this->_model->setIsActive(false);
         $this->setExpectedException(
             'Magento\\Framework\\Exception\\AuthenticationException',
-            'This account is inactive.'
+            'You did not sign in correctly or your account is temporarily disabled.'
         );
         $this->_model->verifyIdentity($password);
     }
diff --git a/app/code/Magento/User/i18n/de_DE.csv b/app/code/Magento/User/i18n/de_DE.csv
index 7168308c5dcf0..3f27379d04352 100644
--- a/app/code/Magento/User/i18n/de_DE.csv
+++ b/app/code/Magento/User/i18n/de_DE.csv
@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"
diff --git a/app/code/Magento/User/i18n/en_US.csv b/app/code/Magento/User/i18n/en_US.csv
index 7168308c5dcf0..3f27379d04352 100644
--- a/app/code/Magento/User/i18n/en_US.csv
+++ b/app/code/Magento/User/i18n/en_US.csv
@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"
diff --git a/app/code/Magento/User/i18n/es_ES.csv b/app/code/Magento/User/i18n/es_ES.csv
index 7168308c5dcf0..3f27379d04352 100644
--- a/app/code/Magento/User/i18n/es_ES.csv
+++ b/app/code/Magento/User/i18n/es_ES.csv
@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"
diff --git a/app/code/Magento/User/i18n/fr_FR.csv b/app/code/Magento/User/i18n/fr_FR.csv
index 7168308c5dcf0..3f27379d04352 100644
--- a/app/code/Magento/User/i18n/fr_FR.csv
+++ b/app/code/Magento/User/i18n/fr_FR.csv
@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"
diff --git a/app/code/Magento/User/i18n/nl_NL.csv b/app/code/Magento/User/i18n/nl_NL.csv
index 7168308c5dcf0..3f27379d04352 100644
--- a/app/code/Magento/User/i18n/nl_NL.csv
+++ b/app/code/Magento/User/i18n/nl_NL.csv
@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"
diff --git a/app/code/Magento/User/i18n/pt_BR.csv b/app/code/Magento/User/i18n/pt_BR.csv
index 7168308c5dcf0..3f27379d04352 100644
--- a/app/code/Magento/User/i18n/pt_BR.csv
+++ b/app/code/Magento/User/i18n/pt_BR.csv
@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"
diff --git a/app/code/Magento/User/i18n/zh_CN.csv b/app/code/Magento/User/i18n/zh_CN.csv
index 7168308c5dcf0..3f27379d04352 100644
--- a/app/code/Magento/User/i18n/zh_CN.csv
+++ b/app/code/Magento/User/i18n/zh_CN.csv
@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"
diff --git a/app/code/Magento/User/view/adminhtml/templates/admin/resetforgottenpassword.phtml b/app/code/Magento/User/view/adminhtml/templates/admin/resetforgottenpassword.phtml
index 2beb2b1a277ff..ba3d313a32886 100644
--- a/app/code/Magento/User/view/adminhtml/templates/admin/resetforgottenpassword.phtml
+++ b/app/code/Magento/User/view/adminhtml/templates/admin/resetforgottenpassword.phtml
@@ -8,7 +8,7 @@
 
 ?>
 
-<form method="post" data-mage-init='{"form": {}, "validation": {}}' action="<?php echo $block->getUrl('*/auth/resetpasswordpost', ['_query' => ['id' => $block->getUserId(), 'token' => $block->getResetPasswordLinkToken()]]); ?>" id="reset-password-form">
+<form method="post" data-mage-init='{"form": {}, "validation": {}}' action="<?php echo $block->getUrl('*/auth/resetpasswordpost', ['_query' => ['id' => $block->getUserId(), 'token' => $block->getResetPasswordLinkToken()]]); ?>" id="reset-password-form" autocomplete="off">
     <fieldset class="admin__fieldset">
         <legend class="admin__legend"><span><?php echo __('Reset a Password'); ?></span></legend><br />
         <input name="form_key" type="hidden" value="<?php echo $block->getFormKey(); ?>" />
diff --git a/app/code/Magento/Webapi/Test/Unit/Model/Authorization/OauthUserContextTest.php b/app/code/Magento/Webapi/Test/Unit/Model/Authorization/OauthUserContextTest.php
index 3a2344bf0be68..cb6c9eee73535 100644
--- a/app/code/Magento/Webapi/Test/Unit/Model/Authorization/OauthUserContextTest.php
+++ b/app/code/Magento/Webapi/Test/Unit/Model/Authorization/OauthUserContextTest.php
@@ -70,7 +70,7 @@ protected function setUp()
 
         $this->oauthRequestHelper = $this->getMockBuilder('Magento\Framework\Oauth\Helper\Request')
             ->disableOriginalConstructor()
-            ->setMethods(['prepareRequest'])
+            ->setMethods(['prepareRequest', 'getRequestUrl'])
             ->getMock();
 
         $this->oauthService = $this->getMockBuilder('Magento\Framework\Oauth\Oauth')
diff --git a/dev/tests/integration/framework/tests/unit/testsuite/Magento/Test/RequestTest.php b/dev/tests/integration/framework/tests/unit/testsuite/Magento/Test/RequestTest.php
index b0fc84e6db46a..65cc4833c6e9f 100644
--- a/dev/tests/integration/framework/tests/unit/testsuite/Magento/Test/RequestTest.php
+++ b/dev/tests/integration/framework/tests/unit/testsuite/Magento/Test/RequestTest.php
@@ -18,6 +18,7 @@ protected function setUp()
     {
         $this->_model = new \Magento\TestFramework\Request(
             $this->getMock('Magento\Framework\Stdlib\Cookie\CookieReaderInterface'),
+            $this->getMock('Magento\Framework\Stdlib\StringUtils'),
             $this->getMock('Magento\Framework\App\Route\ConfigInterface\Proxy', [], [], '', false),
             $this->getMock('Magento\Framework\App\Request\PathInfoProcessorInterface'),
             $this->getMock('Magento\Framework\ObjectManagerInterface')
diff --git a/lib/internal/Magento/Framework/App/Request/Http.php b/lib/internal/Magento/Framework/App/Request/Http.php
index 18502821429cf..26c41a6abc229 100644
--- a/lib/internal/Magento/Framework/App/Request/Http.php
+++ b/lib/internal/Magento/Framework/App/Request/Http.php
@@ -1,7 +1,5 @@
 <?php
 /**
- * Http request
- *
  * Copyright © 2015 Magento. All rights reserved.
  * See COPYING.txt for license details.
  */
@@ -13,7 +11,11 @@
 use Magento\Framework\HTTP\PhpEnvironment\Request;
 use Magento\Framework\ObjectManagerInterface;
 use Magento\Framework\Stdlib\Cookie\CookieReaderInterface;
+use Magento\Framework\Stdlib\StringUtils;
 
+/**
+ * Http request
+ */
 class Http extends Request implements RequestInterface
 {
     /**#@+
@@ -79,6 +81,7 @@ class Http extends Request implements RequestInterface
 
     /**
      * @param CookieReaderInterface $cookieReader
+     * @param StringUtils $converter
      * @param ConfigInterface $routeConfig
      * @param PathInfoProcessorInterface $pathInfoProcessor
      * @param ObjectManagerInterface  $objectManager
@@ -87,13 +90,14 @@ class Http extends Request implements RequestInterface
      */
     public function __construct(
         CookieReaderInterface $cookieReader,
+        StringUtils $converter,
         ConfigInterface $routeConfig,
         PathInfoProcessorInterface $pathInfoProcessor,
         ObjectManagerInterface $objectManager,
         $uri = null,
         $directFrontNames = []
     ) {
-        parent::__construct($cookieReader, $uri);
+        parent::__construct($cookieReader, $converter, $uri);
         $this->routeConfig = $routeConfig;
         $this->pathInfoProcessor = $pathInfoProcessor;
         $this->objectManager = $objectManager;
@@ -302,6 +306,7 @@ public function isAjax()
     public function getDistroBaseUrl()
     {
         $headerHttpHost = $this->getServer('HTTP_HOST');
+        $headerHttpHost = $this->converter->cleanString($headerHttpHost);
         $headerServerPort = $this->getServer('SERVER_PORT');
         $headerScriptName = $this->getServer('SCRIPT_NAME');
         $headerHttps = $this->getServer('HTTPS');
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/HttpTest.php
index 202cc71761b31..2ed892acca1ab 100644
--- a/lib/internal/Magento/Framework/App/Test/Unit/HttpTest.php
+++ b/lib/internal/Magento/Framework/App/Test/Unit/HttpTest.php
@@ -65,8 +65,30 @@ class HttpTest extends \PHPUnit_Framework_TestCase
     public function setUp()
     {
         $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
-        $this->requestMock = $this->getMockBuilder('Magento\Framework\App\Request\Http')
+        $cookieReaderMock = $this->getMockBuilder('Magento\Framework\Stdlib\Cookie\CookieReaderInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $routeConfigMock = $this->getMockBuilder('Magento\Framework\App\Route\ConfigInterface\Proxy')
             ->disableOriginalConstructor()
+            ->getMock();
+        $pathInfoProcessorMock = $this->getMockBuilder('Magento\Framework\App\Request\PathInfoProcessorInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $converterMock = $this->getMockBuilder('Magento\Framework\Stdlib\StringUtils')
+            ->disableOriginalConstructor()
+            ->setMethods(['cleanString'])
+            ->getMock();
+        $objectManagerMock = $this->getMockBuilder('Magento\Framework\ObjectManagerInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->requestMock = $this->getMockBuilder('Magento\Framework\App\Request\Http')
+            ->setConstructorArgs([
+                'cookieReader' => $cookieReaderMock,
+                'converter' => $converterMock,
+                'routeConfig' => $routeConfigMock,
+                'pathInfoProcessor' => $pathInfoProcessorMock,
+                'objectManager' => $objectManagerMock
+            ])
             ->setMethods(['getFrontName'])
             ->getMock();
         $this->areaListMock = $this->getMockBuilder('Magento\Framework\App\AreaList')
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
index 8bfb9be2f3bb2..3bd82cb2d54ec 100644
--- a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
@@ -36,6 +36,11 @@ class HttpTest extends \PHPUnit_Framework_TestCase
      */
     protected $objectManager;
 
+    /**
+     * @var \Magento\Framework\Stdlib\StringUtils  | \PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $converterMock;
+
     /**
      * @var array
      */
@@ -54,6 +59,11 @@ protected function setUp()
         $this->_infoProcessorMock = $this->getMock('Magento\Framework\App\Request\PathInfoProcessorInterface');
         $this->_infoProcessorMock->expects($this->any())->method('process')->will($this->returnArgument(1));
         $this->objectManager = $this->getMock('Magento\Framework\ObjectManagerInterface');
+        $this->converterMock = $this->getMockBuilder('Magento\Framework\Stdlib\StringUtils')
+            ->disableOriginalConstructor()
+            ->setMethods(['cleanString'])
+            ->getMock();
+        $this->converterMock->expects($this->any())->method('cleanString')->will($this->returnArgument(0));
 
         // Stash the $_SERVER array to protect it from modification in test
         $this->serverArray = $_SERVER;
@@ -76,6 +86,7 @@ private function getModel($uri = null)
                 'routeConfig' => $this->_routerListMock,
                 'pathInfoProcessor' => $this->_infoProcessorMock,
                 'objectManager' => $this->objectManager,
+                'converter' => $this->converterMock,
                 'uri' => $uri,
             ]
         );
diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
index 1a72b0d22cf0f..52d5b5dbdcc57 100644
--- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
+++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
@@ -6,6 +6,7 @@
 namespace Magento\Framework\HTTP\PhpEnvironment;
 
 use Magento\Framework\Stdlib\Cookie\CookieReaderInterface;
+use Magento\Framework\Stdlib\StringUtils;
 use Zend\Http\Header\HeaderInterface;
 use Zend\Stdlib\Parameters;
 use Zend\Stdlib\ParametersInterface;
@@ -79,12 +80,19 @@ class Request extends \Zend\Http\PhpEnvironment\Request
      */
     protected $cookieReader;
 
+    /**
+     * @var StringUtils
+     */
+    protected $converter;
+
     /**
      * @param CookieReaderInterface $cookieReader
+     * @param StringUtils $converter
      * @param UriInterface|string|null $uri
      */
     public function __construct(
         CookieReaderInterface $cookieReader,
+        StringUtils $converter,
         $uri = null
     ) {
         $this->cookieReader = $cookieReader;
@@ -103,6 +111,7 @@ public function __construct(
                 throw new \InvalidArgumentException('Invalid URI provided to constructor');
             }
         }
+        $this->converter = $converter;
         parent::__construct();
     }
 
@@ -608,6 +617,7 @@ public function getHeader($name, $default = false)
     public function getHttpHost($trimPort = true)
     {
         $httpHost = $this->getServer('HTTP_HOST');
+        $httpHost = $this->converter->cleanString($httpHost);
         if (empty($httpHost)) {
             return false;
         }
diff --git a/lib/internal/Magento/Framework/HTTP/Test/Unit/PhpEnvironment/RequestTest.php b/lib/internal/Magento/Framework/HTTP/Test/Unit/PhpEnvironment/RequestTest.php
index 1dc822ef0270a..ee39c40d3f144 100644
--- a/lib/internal/Magento/Framework/HTTP/Test/Unit/PhpEnvironment/RequestTest.php
+++ b/lib/internal/Magento/Framework/HTTP/Test/Unit/PhpEnvironment/RequestTest.php
@@ -26,6 +26,11 @@ class RequestTest extends \PHPUnit_Framework_TestCase
      */
     private $cookieReader;
 
+    /**
+     * @var \Magento\Framework\Stdlib\StringUtils | \PHPUnit_Framework_MockObject_MockObject
+     */
+    private $converter;
+
     /**
      * @var array
      */
@@ -35,6 +40,7 @@ protected function setUp()
     {
         $this->objectManager = $this->getMock('Magento\Framework\ObjectManagerInterface');
         $this->cookieReader = $this->getMock('Magento\Framework\Stdlib\Cookie\CookieReaderInterface');
+        $this->converter = $this->getMock('Magento\Framework\Stdlib\StringUtils');
         // Stash the $_SERVER array to protect it from modification in test
         $this->serverArray = $_SERVER;
     }
@@ -46,7 +52,7 @@ public function tearDown()
 
     private function getModel($uri = null)
     {
-        return new Request($this->cookieReader, $uri);
+        return new Request($this->cookieReader, $this->converter, $uri);
     }
 
     public function testSetPathInfoWithNullValue()
diff --git a/lib/internal/Magento/Framework/Webapi/Request.php b/lib/internal/Magento/Framework/Webapi/Request.php
index fdd688a313e51..00e60e8c1a109 100644
--- a/lib/internal/Magento/Framework/Webapi/Request.php
+++ b/lib/internal/Magento/Framework/Webapi/Request.php
@@ -12,24 +12,27 @@
 use Magento\Framework\Config\ScopeInterface;
 use Magento\Framework\HTTP\PhpEnvironment\Request as HttpRequest;
 use Magento\Framework\Stdlib\Cookie\CookieReaderInterface;
+use Magento\Framework\Stdlib\StringUtils;
 
 class Request extends HttpRequest implements RequestInterface
 {
     /**
      * Modify pathInfo: strip down the front name and query parameters.
      *
+     * @param CookieReaderInterface $cookieReader
+     * @param StringUtils $converter
      * @param AreaList $areaList
      * @param ScopeInterface $configScope
-     * @param CookieReaderInterface $cookieReader
      * @param null|string|\Zend_Uri $uri
      */
     public function __construct(
         CookieReaderInterface $cookieReader,
+        StringUtils $converter,
         AreaList $areaList,
         ScopeInterface $configScope,
         $uri = null
     ) {
-        parent::__construct($cookieReader, $uri);
+        parent::__construct($cookieReader, $converter, $uri);
 
         $pathInfo = $this->getRequestUri();
         /** Remove base url and area from path */
diff --git a/lib/internal/Magento/Framework/Webapi/Rest/Request.php b/lib/internal/Magento/Framework/Webapi/Rest/Request.php
index 757f1a2729451..077701047cce6 100644
--- a/lib/internal/Magento/Framework/Webapi/Rest/Request.php
+++ b/lib/internal/Magento/Framework/Webapi/Rest/Request.php
@@ -48,6 +48,7 @@ class Request extends \Magento\Framework\Webapi\Request
      * Initialize dependencies
      *
      * @param \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader
+     * @param \Magento\Framework\Stdlib\StringUtils $converter
      * @param \Magento\Framework\App\AreaList $areaList
      * @param \Magento\Framework\Config\ScopeInterface $configScope
      * @param \Magento\Framework\Webapi\Rest\Request\DeserializerFactory $deserializerFactory
@@ -55,12 +56,13 @@ class Request extends \Magento\Framework\Webapi\Request
      */
     public function __construct(
         \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader,
+        \Magento\Framework\Stdlib\StringUtils $converter,
         \Magento\Framework\App\AreaList $areaList,
         \Magento\Framework\Config\ScopeInterface $configScope,
         \Magento\Framework\Webapi\Rest\Request\DeserializerFactory $deserializerFactory,
         $uri = null
     ) {
-        parent::__construct($cookieReader, $areaList, $configScope, $uri);
+        parent::__construct($cookieReader, $converter, $areaList, $configScope, $uri);
         $this->_deserializerFactory = $deserializerFactory;
     }
 
diff --git a/lib/internal/Magento/Framework/Webapi/Test/Unit/Rest/RequestTest.php b/lib/internal/Magento/Framework/Webapi/Test/Unit/Rest/RequestTest.php
index fd3ab91301ba8..b8a120e215321 100644
--- a/lib/internal/Magento/Framework/Webapi/Test/Unit/Rest/RequestTest.php
+++ b/lib/internal/Magento/Framework/Webapi/Test/Unit/Rest/RequestTest.php
@@ -38,10 +38,14 @@ protected function setUp()
         /** Instantiate request. */
         // TODO: Get rid of SUT mocks.
         $this->_cookieManagerMock = $this->getMock('Magento\Framework\Stdlib\CookieManagerInterface');
+        $converterMock = $this->getMockBuilder('Magento\Framework\Stdlib\StringUtils')
+            ->disableOriginalConstructor()
+            ->setMethods(['cleanString'])
+            ->getMock();
         $this->_request = $this->getMock(
             'Magento\Framework\Webapi\Rest\Request',
             ['getHeader', 'getMethod', 'isGet', 'isPost', 'isPut', 'isDelete', 'getContent'],
-            [$this->_cookieManagerMock, $areaListMock, $configScopeMock, $this->_deserializerFactory, ]
+            [$this->_cookieManagerMock, $converterMock, $areaListMock, $configScopeMock, $this->_deserializerFactory]
         );
 
         parent::setUp();
diff --git a/pub/get.php b/pub/get.php
index 9888d7627acae..797a4a8e8e627 100644
--- a/pub/get.php
+++ b/pub/get.php
@@ -27,7 +27,12 @@
     return $isResourceAllowed;
 };
 
-$request = new \Magento\MediaStorage\Model\File\Storage\Request(new Request(new PhpCookieReader()));
+$request = new \Magento\MediaStorage\Model\File\Storage\Request(
+    new Request(
+        new PhpCookieReader(),
+        new Magento\Framework\Stdlib\StringUtils()
+    )
+);
 $relativePath = $request->getPathInfo();
 if (file_exists($configCacheFile) && is_readable($configCacheFile)) {
     $config = json_decode(file_get_contents($configCacheFile), true);
diff --git a/setup/view/magento/setup/add-database.phtml b/setup/view/magento/setup/add-database.phtml
index 77de46a30ed12..193630700bb60 100644
--- a/setup/view/magento/setup/add-database.phtml
+++ b/setup/view/magento/setup/add-database.phtml
@@ -51,6 +51,7 @@
     novalidate
     name="database"
     role="form"
+    autocomplete="off"
     >
 
 <?php
diff --git a/setup/view/magento/setup/create-admin-account.phtml b/setup/view/magento/setup/create-admin-account.phtml
index 6c9f722aed438..379974ec0c669 100644
--- a/setup/view/magento/setup/create-admin-account.phtml
+++ b/setup/view/magento/setup/create-admin-account.phtml
@@ -49,6 +49,7 @@ $passwordWizard = sprintf(
     novalidate
     name="account"
     role="form"
+    autocomplete="off"
     >
 
     <div