Lola Liu created KYLIN-1425:
-------------------------------

             Summary:  [Fortify] Insecure password submission in login page
                 Key: KYLIN-1425
                 URL: https://issues.apache.org/jira/browse/KYLIN-1425
             Project: Kylin
          Issue Type: Bug
    Affects Versions: v1.0, v2.0
            Reporter: Lola Liu
            Assignee: Zhong,Jason


login.html submits a password as part of an HTTP GET request on line 41, which 
will cause the password to be displayed, logged, and stored in the browser 
cache.

In the console we can see that when a user logs in, there are 2 authentication requests: 
one is POST and the other is GET. (Please refer to the attached image.)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
