Detail

Password Transmitted over Query String

Severity: Medium

Summary #

Netsparker detected that your web application is transmitting passwords over query string.

Impact #
A password is sensitive data and shouldn't be transmitted over query string. There are several information-leakage scenarios:
  • If your website has external links or even external resources (such as image, javascript, etc), then your query string would be leaked.
  • Query string is generally stored in server logs.
  • Browsers will cache the query string.
Remediation #
Do not send any sensitive data through query string.
Classifications #
PCI v3.1-6.5.4; PCI v3.2-6.5.4; CWE-598; ISO27001-A.14.2.5; WASC-13; OWASP 2013-A6; OWASP 2017-A3 , CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A6  OWASP 2017-A3 

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo

Netsparker Ltd
220 Industrial Blvd Ste 102
Austin, TX 78745

© Netsparker 2021, by Invicti

RESOURCES

USE CASES

WEB SECURITY

COMPANY

© Netsparker 2021, by Invicti

Subscription Services Agreement Data Protection Policy Information Security Policy Privacy Policy Sitemap