Password Sent in HTTP Query
URLs are stored in log files and might be sent in the
referer HTTP request header to other websites. Passing sensitive information like passwords as part of the URL might disclose this information to an unauthorized actor. This risk is increased when the traffic is not encrypted.
Use the HTTP
POST method and the request body for sending sensitive information.
👉 You might also like:
Password Sent in Query - Vulnerability
Password Sent Over HTTP - Vulnerability
Password Input on HTTP - Vulnerability
Auto Complete Enabled Password Input - Vulnerability
Last updated on February 15, 2021