Title

Insecure_Password_Transfer

Medium Severity
Definition ID 219, Last Updated May 04th 2010, 10:38 p.m. (Revision 3)

Synopsis

Detects pages that submit a password over an unencrypted connection

Description

This definition detects password fields that are submitted over an unencrypted (non-SSL) connection. Passwords sent over an unencrypted connection can be sniffed by malicious users.

The form that contains the password field must be modified so that it is submitted over HTTPS.

Reference

Definition Code