Password field submitted using GET method


It was found that passwords that are sent using the GET method (sent at the URL), this could lead to sensitive user information disclosure.

Bussines Impact

An attacker could exploit this vulnerability to steal the victim’s password in ClearText using MITM (Man In The Middle) or check browser history.


To prevent this vulnerability from happening, make sure that all sensitive information is being sent using the POST sending method.