Posted to dev@kylin.apache.org by "Lola Liu (JIRA)" <ji...@apache.org> on 2016/02/17 09:49:18 UTC

[jira] [Created] (KYLIN-1425) [Fortify] Insecure password submission in login page

Lola Liu created KYLIN-1425:
-------------------------------

             Summary:  [Fortify] Insecure password submission in login page
                 Key: KYLIN-1425
                 URL: https://issues.apache.org/jira/browse/KYLIN-1425
             Project: Kylin
          Issue Type: Bug
    Affects Versions: v1.0, v2.0
            Reporter: Lola Liu
            Assignee: Zhong,Jason


login.html submits a password as part of an HTTP GET request on line 41, which will cause the password to be displayed, logged, and stored in the browser cache.

In the console we can see that when a user logs in, there are 2 authentication requests: 1 is POST and the other is GET. (Please refer to the attached image.)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
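
The finding reported above, as an added example that is not part of the original message or of Kylin's code: a check that flags captured login requests carrying a credential in the URL, redacts such URLs before logging, and builds the request with the password in the POST body instead. It assumes the password travels in the query string; the endpoint path, parameter names and sample requests are constructed.

```javascript
// Added example: audit captured login traffic for credentials carried in the URL.
// Parameter names and sample requests are constructed, not taken from Kylin.
const SENSITIVE_PARAMS = new Set(["password", "passwd", "pwd", "pass", "secret", "token"]);

// Return the sensitive query-parameter names found in a request URL.
function sensitiveQueryParams(rawUrl, base = "http://localhost") {
  const url = new URL(rawUrl, base);
  const hits = [];
  for (const name of url.searchParams.keys()) {
    if (SENSITIVE_PARAMS.has(name.toLowerCase()) && !hits.includes(name)) hits.push(name);
  }
  return hits;
}

// Flag every request whose URL carries a credential, whatever the method.
function auditRequests(requests) {
  return requests
    .map((r) => ({ ...r, leaked: sensitiveQueryParams(r.url) }))
    .filter((r) => r.leaked.length > 0)
    .map((r) => ({ method: r.method, path: new URL(r.url, "http://localhost").pathname, leaked: r.leaked }));
}

// Redact sensitive values before a URL is written to a log.
function redactUrl(rawUrl, base = "http://localhost") {
  const url = new URL(rawUrl, base);
  for (const name of [...url.searchParams.keys()]) {
    if (SENSITIVE_PARAMS.has(name.toLowerCase())) url.searchParams.set(name, "REDACTED");
  }
  return url.pathname + url.search;
}

// Build the login request with credentials in the POST body only.
function buildLoginRequest(endpoint, username, password) {
  return {
    method: "POST",
    url: endpoint,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ username, password }).toString(),
  };
}

// Constructed sample: one POST and one GET, as in the report's console view.
const captured = [
  { method: "POST", url: "/example/login" },
  { method: "GET", url: "/example/login?username=alice&password=s3cr%40t" },
];
console.log(auditRequests(captured));
console.log(redactUrl(captured[1].url));
```

Moving the password into the POST body keeps it out of URLs, browser history and access logs, but it is only protected in transit when the request is sent over TLS.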