Plain text credentials vulnerability
User credentials are sensitive and must be transmitted securely. Sending them in plaintext allows attackers to intercept or modify data, compromising confidentiality and integrity.
CWE: 319 (Cleartext Transmission of Sensitive Information), 310 (Cryptographic Issues).
OWASP: A3 – Sensitive Data Exposure.
Plaintext user input can be intercepted or altered using tools like proxies, exposing credentials and endangering data integrity and confidentiality.
Exposing credentials over unencrypted channels threatens users’ privacy and an organization’s reputation, especially in critical web or mobile applications.
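Always use HTTPS (SSL/TLS) for transmitting sensitive data. Encrypt user input on the client side before sending. Use secure hashing (e.g., MD5 or stronger) to detect tampering. Implement custom encryption if hashing isn’t applicable. MD5 is no longer collision-resistant, so prefer SHA-256 or better. Because anyone who alters a message in transit can recompute a plain hash, tamper detection needs a keyed construction such as an HMAC. Build any custom encryption from vetted algorithms and libraries rather than from a new cipher design.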
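A check that supports the HTTPS recommendation above, as an added example (not code from the original page): it parses a page's HTML and reports password forms whose credentials would travel in cleartext, or whose form was itself delivered in cleartext. The function names, host names and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Records each form's submit targets and whether it has a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"targets": [a.get("action") or ""], "password": False}
            self.forms.append(self._open)  # recorded even if </form> is missing
        elif self._open is not None and tag in ("input", "button"):
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True
            if a.get("formaction"):  # a submit button can override the form action
                self._open["targets"].append(a["formaction"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_login_forms(page_url, html):
    """Return sorted (submit_url, reason) findings for password forms in html."""
    collector = _FormCollector()
    collector.feed(html)
    collector.close()
    findings = set()
    for form in (f for f in collector.forms if f["password"]):
        for target in form["targets"]:
            submit_url = urljoin(page_url, target)  # empty action posts to the page URL
            if urlsplit(submit_url).scheme != "https":
                findings.add((submit_url, "credentials submitted in cleartext"))
            elif urlsplit(page_url).scheme != "https":
                findings.add((submit_url, "form delivered in cleartext, action can be rewritten in transit"))
    return sorted(findings)


# Constructed sample pages (hypothetical host names), not taken from a real site.
SAMPLES = {
    "http://shop.example/login": '<form method="post"><input name="u"><input type="password" name="p"></form>',
    "https://shop.example/login": '<form action="http://auth.shop.example/session"><input type=password name=p></form>',
}
```

The second finding type covers a login page served over HTTP that posts to an HTTPS endpoint: the submission is encrypted, but the page that defines where it goes was not, which is the "modify" half of the risk described above.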