Vulnerabilities/

Password Sent in Query

Severity:
Low

Description

When passwords are included in URLs and sent as part of HTTP queries, they may be logged in various places, including server logs, and disclosed to unauthorized parties through the referer HTTP request header. This risk is heightened when the traffic is not encrypted, making it susceptible to interception and eavesdropping.

Recommendation

Avoid sending sensitive information like passwords in URLs. Instead, use the HTTP POST method and transmit sensitive data in the request body, which is more secure. Additionally, ensure that communication is encrypted using HTTPS to protect data in transit.

References

Related Issues

Tags:
Application Misconfiguration
Anything's wrong? Let us know Last updated on May 13, 2024

Use SmartScanner Free version to test for this issue

Download