Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Password Transmitted over Query String

Severity: Medium
Summary#

Invicti detected that your web application is transmitting passwords over query string.

Impact#
A password is sensitive data and shouldn't be transmitted over query string. There are several information-leakage scenarios:
  • If your website has external links or even external resources (such as image, javascript, etc), then your query string would be leaked.
  • Query string is generally stored in server logs.
  • Browsers will cache the query string.
Remediation#
Do not send any sensitive data through query string.
Classifications#
, , , , , ,

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A6 OWASP 2017-A3

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works