Web Server Transmits Cleartext Credentials

low Nessus Plugin ID 26194

Synopsis

The remote web server might transmit credentials in cleartext.

Description

The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext.

An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.

Solution

Make sure that every sensitive form transmits content over HTTPS.

Plugin Details

Severity: Low

ID: 26194

File Name: www_clear_text_passwords.nasl

Version: Revision: 1.17

Type: remote

Family: Web Servers

Published: 9/28/2007

Updated: 11/29/2016

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE: 522, 523, 718, 724, 928, 930