
Password Sent in Query

Impact: Low

Description

URLs are stored in log files and might be sent to other websites in the Referer HTTP request header. Passing sensitive information such as passwords as part of the URL might disclose it to an unauthorized actor. The risk increases when the traffic is not encrypted.

Recommendation

Use the HTTP POST method and the request body for sending sensitive information.

Last updated on February 15, 2021
