Credientals Over GET method in plain Text
Medium
R
RATELIMITED
Submitted None
Actions:
Reported by
d33van
Vulnerability Details
Technical details and impact analysis
Hi Team,
Description
While I was testing the application i found this bug where the application is sending the credentials over Plain text in URL : https://auth.ratelimited.me/login?username=testqaz%40grr.la&password=D33vanh%40h%40h%40
Vulnerable URl https://auth.ratelimited.me
## Impact
Impact: if the application is sending the credentials over GET request it will be saved in the history of the Browser
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Unprotected Transport of Credentials