Description of the Vulnerability
Exposure of Sensitive Data: Using login credentials (password and email address) as query parameters in a URL is particularly risky. URLs are routinely saved in browser history and server logs, and they may be exposed to intermediaries, all of which raise the danger of credential leaks.
Screen Shot of the Vulnerable Code
Impact of the vulnerability
4/5
Recommended Steps to resolve it?
Do not send credentials in the URL.
Modify the fetch request to include the credentials as FormData or JSON in the request body. This reduces the likelihood that login credentials may surface in logs or URLs.
Make use of HTTPS.
To encrypt the data in transit, ensure that the fetch request is sent using HTTPS.
School Name
GD Goenka sector 10A
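The fix recommended above, sketched as an added example that is not the code from the report's screenshot: the query-string pattern the report describes next to a request that carries the credentials as JSON in the body and refuses non-HTTPS targets, plus a small check that flags credential-like query parameters. The `/login` path, the host `app.example.test`, the parameter names and all function names are assumptions made for illustration.

```javascript
// Added example; endpoint, host and field names are assumed, not from the report.
const SENSITIVE_KEYS = ["email", "password", "pass", "pwd", "token"];

// Review/log-scrubbing check: names of credential-like query parameters in a URL.
function findCredentialParams(rawUrl) {
  const url = new URL(rawUrl);
  return [...url.searchParams.keys()].filter((key) =>
    SENSITIVE_KEYS.includes(key.toLowerCase())
  );
}

// Pattern the report describes: credentials end up in the URL, and therefore
// in browser history, server access logs and any intermediary that records URLs.
function buildVulnerableLoginUrl(base, email, password) {
  const url = new URL("/login", base);
  url.searchParams.set("email", email);
  url.searchParams.set("password", password);
  return url.toString();
}

// Corrected form: POST with a JSON body, and only to an HTTPS origin.
function buildLoginRequest(base, email, password) {
  const url = new URL("/login", base);
  if (url.protocol !== "https:") {
    throw new Error("refusing to send credentials over " + url.protocol);
  }
  return {
    url: url.toString(), // no query string, nothing sensitive to log
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ email, password }),
    },
  };
}

// In the page's login handler (browser):
//   const { url, init } = buildLoginRequest(location.origin, email, password);
//   const response = await fetch(url, init);
```

`findCredentialParams` can also be run over request URLs in access logs to find endpoints that still receive credentials in the query string.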