Password Sent in HTTP Query
Impact: Medium
Description
URLs are stored in log files and might be sent in the Referer HTTP request header to other websites. Passing sensitive information like passwords as part of the URL might disclose this information to an unauthorized actor. This risk is increased when the traffic is not encrypted.
Recommendation
Use the HTTP POST method and the request body for sending sensitive information.
Last updated on February 15, 2021