Information Leakage / Password Returned in URL Query String

Description

Password returned in URL query string is an example of an Information Leakage vulnerability (CWE-200) which occurs when the application sends sensitive information in the URL query string, such as passwords and tokens. This vulnerability is most common in web and API applications, where the application sends plaintext passwords in the URL query string, thus allowing an attacker to easily intercept them. For further information, see the OWASP Testing Guide V4, Section A8-Sensitive Data Exposure.

Risk

This vulnerability is extremely high-risk as it allows an attacker to easily steal passwords and other sensitive information. An attacker can use this information to gain access to a user's account and potentially other confidential information stored within the application.

Solution

The solution to this vulnerability is to never send passwords or tokens in the query string. Instead, passwords and tokens should be sent via secure HTTP POST requests. This will ensure that the data is encrypted and much more difficult for an attacker to intercept.