Sensitive Data in Query String

  • CWE 598

Information exposure through query strings in URL is when sensitive data is passed to parameters in the URL. This allows attackers to obtain sensitive data such as usernames, passwords, tokens (authX), database details, and any other potentially sensitive data.

Simply using HTTPS does not resolve this vulnerability. Regardless of using encryption, the following URL will expose information in the locations detailed below:

The parameter values for 'user' and 'pass' will be exposed in the following locations when using HTTP or HTTPS:

  • Referer Header
  • Web Logs
  • Browser History
  • Browser Cache

The application should never transmit any sensitive information within the URL query string.