Zendesk: "Test target" of the "HTTP target" extension can unintentionally send username and password in the Authorization header
Summary: In certain conditions, the HTTP target extension is sending the username and password of the authenticated user testing the target in the test request's Authorization header as base64 encoded i.e. HTTP basic auth. I have graded this as a medium due to some mitigating circumstances browse...