RATELIMITED: Credentials Over GET method in plain Text

2019-02-04T08:15:00
ID H1:490899
Type hackerone
Reporter d33van
Modified 2019-02-17T17:48:57

Description

Hi Team,

Description: While I was testing the application, I found this bug where the application is sending the credentials over plain text in the URL: https://auth.ratelimited.me/login?username=testqaz%40grr.la&password=D33vanh%40h%40h%40

Vulnerable URL: https://auth.ratelimited.me

Impact

Impact: If the application is sending the credentials over a GET request, they will be saved in the browser history.