USGS-WiM / STNWeb

Data management application for the USGS Short-Term Network (STN) database
https://stn.wim.usgs.gov/stnweb/

Remediate Vulnerability: Password field submitted using GET method #518

Closed aaronstephenson closed 3 years ago

aaronstephenson commented 3 years ago

Acunetix scan reports this app uses GET to submit passwords. Passwords must be submitted using a POST request. This is a Medium vulnerability and is a priority. The specific file reported is:

https://stn.wim.usgs.gov/stnweb/component/logInOut/login.html
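The finding above is about where the credentials end up: a form whose `method` is `GET` (or that has no `method` attribute at all, which the HTML spec treats as `GET`) appends the password to the URL, where it lands in server access logs, browser history, proxy logs and outgoing `Referer` headers. The following is an added example, not code from STNWeb or STNServices2, showing one way to audit static HTML for this pattern: it parses every `<form>`, notes whether it contains a password input, and flags the ones that would not submit with `POST`. The sample markup is constructed for the example; the `/stnweb/login` action is a placeholder, not the project's real endpoint.

```python
"""Audit HTML login forms for password fields that would be submitted with GET.

Added example for the issue above; not code from STNWeb or STNServices2.
Uses only the standard library so it runs offline.
"""
from html.parser import HTMLParser


class _FormAuditor(HTMLParser):
    """Collects every <form> and records whether it carries a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []        # finished forms: dicts with action, method, has_password
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            # A form with no method attribute submits with GET, so default to it.
            method = attrs.get("method", "").strip().lower() or "get"
            self._current = {
                "action": attrs.get("action", ""),
                "method": method,
                "has_password": False,
            }
        elif tag == "input" and self._current is not None:
            # <input> with no type is a text field; only type="password" matters here.
            if attrs.get("type", "text").strip().lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def find_get_password_forms(html):
    """Return (action, method) for each form that would put a password in the URL."""
    auditor = _FormAuditor()
    auditor.feed(html)
    auditor.close()
    return [
        (f["action"], f["method"])
        for f in auditor.forms
        if f["has_password"] and f["method"] != "post"
    ]


# Constructed sample markup (the action path is a placeholder, not the real app's).
# Vulnerable: no method attribute, so the browser submits username and password as
# query parameters, e.g. /stnweb/login?username=alice&password=...
VULNERABLE_LOGIN = """
<form action="/stnweb/login">
  <input type="text" name="username">
  <input type="password" name="password">
  <button type="submit">Log in</button>
</form>
"""

# Fixed: same form, but the credentials travel in the request body.
FIXED_LOGIN = """
<form action="/stnweb/login" method="POST">
  <input type="text" name="username">
  <input type="password" name="password" />
  <button type="submit">Log in</button>
</form>
"""

# A GET form with no password field is normal and must not be flagged.
SEARCH_FORM = """
<form action="/stnweb/search" method="get">
  <input type="text" name="q">
</form>
"""

if __name__ == "__main__":
    for label, markup in [("vulnerable", VULNERABLE_LOGIN),
                          ("fixed", FIXED_LOGIN),
                          ("search", SEARCH_FORM)]:
        print(label, find_get_password_forms(markup))
```

The check only covers HTML forms. If the login page hands the credentials to client-side code that sends them with XMLHttpRequest or `fetch`, the method to inspect is the one used in that call, and switching the form tag alone changes nothing. Moving the password into a `POST` body keeps it out of URLs and logs; it does not protect it in transit, which is the job of TLS on the whole login flow.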

lprivette commented 3 years ago

The same fix we did for SIGL isn't working in STN, naturally. The code is identical in the services. I'll have to troubleshoot after hours as Ron is trying to create a new event in STN.

lprivette commented 3 years ago

Corrected with: https://github.com/USGS-WiM/STNServices2/releases/tag/v2.2.5 and https://github.com/USGS-WiM/STNWeb/releases/tag/v2.4.0

Both deployed to production.