Password Transmitted over Query String
Summary#
Invicti detected that your web application is transmitting passwords over query string.
Impact#
A password is sensitive data and shouldn't be transmitted over query string. There are several information-leakage scenarios:
- If your website has external links or even external resources (such as image, javascript, etc), then your query string would be leaked.
- Query string is generally stored in server logs.
- Browsers will cache the query string.
Remediation#
Do not send any sensitive data through query string.
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Tags
Related Vulnerabilities
