Password field submitted using GET method

Description

During the scan,Cytrix managed to found that password fields were sent using the GET method (in the URL).
It might lead to sensitive user information being disclosed.

An attacker could exploit this vulnerability to steal the victim’s password in Clear Text using MITM (Man In The Middle) or check the browser’s history.

Recommendation

To prevent this vulnerability, make sure that all sensitive information is being sent using the POST sending method.

References

https://cwe.mitre.org/data/definitions/598.html

< Return to all Vulnerabilities

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »