[jira] [Updated] (KYLIN-1425) [Fortify] Insecure password submission in login page

Lola Liu (JIRA) Wed, 17 Feb 2016 00:51:06 -0800

     [ 
https://issues.apache.org/jira/browse/KYLIN-1425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Lola Liu updated KYLIN-1425:
----------------------------
    Attachment: password[1].png

>  [Fortify] Insecure password submission in login page
> -----------------------------------------------------
>
>                 Key: KYLIN-1425
>                 URL: https://issues.apache.org/jira/browse/KYLIN-1425
>             Project: Kylin
>          Issue Type: Bug
>    Affects Versions: v2.0, v1.0
>            Reporter: Lola Liu
>            Assignee: Zhong,Jason
>         Attachments: password[1].png
>
>
> login.html submits a password as part of an HTTP GET request on line 41, 
> which will cause the password to be displayed, logged, and stored in the 
> browser cache.
> In console we can see when user login, there will be 2 authentication 
> requests, 1 is POST and the other is GET.(Please refer to attached image)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KYLIN-1425) [Fortify] Insecure password submission in login page

Reply via email to