Detail

Password Transmitted over Query String

Severity: Medium

Summary

Netsparker detected that your web application is transmitting passwords over query string.

Impact
A password is sensitive data and shouldn't be transmitted over query string. There are several information-leakage scenarios:
  • If your website has external links or even external resources (such as image, javascript, etc), then your query string would be leaked.
  • Query string is generally stored in server logs.
  • Browsers will cache the query string.
Remediation
Do not send any sensitive data through query string.
Classifications
PCI v3.1-6.5.4, PCI v3.2-6.5.4, WASC-13, OWASP 2013-A6, OWASP 2017-A3 , CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

RESOURCES

USE CASES

WEB SECURITY

COMPANY

CONTACT

Netsparker Ltd

  • United Kingdom, (reg. no. 06947644)
  • USA Office: +1 415 877 4450
  • UK Office: +44 (0)20 3588 3840
  • contact@netsparker.com
Copyright © 2019 Netsparker Ltd. All rights reserved.
Privacy Policy | Data Protection Policy | Sitemap