Description

User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.

Remediation

Because user credentials are considered sensitive information, should always be transferred to the server over an encrypted connection (HTTPS).

References

Related Vulnerabilities