
Password Detected in URL Query String

Netsparker detected that your web application is transmitting passwords in the URL query string.

Impact

A password is sensitive data and shouldn't be transmitted in the query string. There are several information-leakage scenarios:
  • If your website has external links or loads external resources (such as images, JavaScript, etc.), the query string can be leaked to those third parties in the Referer header.
  • The query string is generally stored in server logs.
  • Browsers will cache the query string.

Remedy

Do not send any sensitive data through the query string.

