Password Sent in Query
Impact: Low
Description
URLs are stored in log files and might be sent in the Referer HTTP request header to other websites. Passing sensitive information like passwords as part of the URL might disclose this information to an unauthorized actor. This risk is increased when the traffic is not encrypted.
Recommendation
Use the HTTP POST method and the request body for sending sensitive information.
Last updated on February 15, 2021