Password field submitted using GET method

Description

Passwords were found to be sent using the GET method (in the URL), which could lead to disclosure of sensitive user information.

Business Impact

An attacker could exploit this vulnerability to steal the victim’s password in cleartext using a MITM (Man In The Middle) attack or by checking the browser history.

Recommendation

To prevent this vulnerability, make sure that all sensitive information is sent using the POST method.

Reference

https://cwe.mitre.org/data/definitions/598.html