Title

NonSSLPasswordSubmission

Low Severity
Definition ID 218, Last Updated Feb 17th 2011, 01:31 a.m. (Revision 2)

This definition has been deprecated and is no longer included in the official definition set.
Make sure to update your definition sets to the most current release.

Synopsis

Detects pages that submit a password over an unencrypted connection

Description

This definition detects password fields that are submitted over an unencrypted (non-SSL) connection. Sending passwords over an unencrypted connection can allow them to be sniffed by malicious users.

The form that contains the password field must be modified such that it submits the form over HTTPS.

Note: this definition has been superseded by the Insecure_Password_Transfer definition

Reference

Definition Code