Password Sent Over HTTP
Impact: Medium
Description
When passwords are sent over unencrypted HTTP traffic, attackers can intercept and capture them easily, leading to unauthorized access to user accounts, sensitive data exposure, and potential compromise of the entire system.
Recommendation
Enforce the use of HTTPS to encrypt sensitive data transmission, including passwords. Ensure that all login pages, forms, and authentication mechanisms are served over HTTPS to protect user credentials.
References
👉 You might also like:
Password Sent in HTTP Query - Vulnerability
Password Input on HTTP - Vulnerability
Password Sent in Query - Vulnerability
Auto Complete Enabled Password Input - Vulnerability
Last updated on May 13, 2024