Summary

Acunetix 360 detected that your web application is transmitting passwords over query string.

Impact

A password is sensitive data and shouldn't be transmitted over query string. There are several information-leakage scenarios:
  • If your website has external links or even external resources (such as image, javascript, etc), then your query string would be leaked.
  • Query string is generally stored in server logs.
  • Browsers will cache the query string.

Remediation

Do not send any sensitive data through query string.

Severity

Medium

Classification

PCI v3.2-6.5.4 CWE-598 ISO27001-A.14.2.5 WASC-13 OWASP 2013-A6 OWASP 2017-A3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N