Sensitive Data in Query String
- CWE 598
Information exposure through query strings in URL is when sensitive data is passed to parameters in the URL. This allows attackers to obtain sensitive data such as usernames, passwords, tokens (authX), database details, and any other potentially sensitive data.
Simply using HTTPS does not resolve this vulnerability. Regardless of using encryption, the following URL will expose information in the locations detailed below: https://vulnerablehost.com/authuser?user=bob&pass=1234
The parameter values for 'user' and 'pass' will be exposed in the following locations when using HTTP or HTTPS:
- Referer Header
- Web Logs
- Browser History
- Browser Cache
Remediation
The application should never transmit any sensitive information within the URL query string.
References
Go Back to List
Search Vulnerability
You may also see
- Long Redirect Response
- Error Message
- Stack Trace
- Internal Path
- Not Secure Cookie
- Not Http-Only Cookie
- Sensitive Data in Query String
- Sensitive Data over HTTP
- Server Error
- Source Code Disclosure
- Information Leakage
- Web Backdoor
- Database Connection String
- Autocomplete Enabled
- Undefined Content-Type Header
- Missing X-Frame-Options Header
- Mixed Content
- Insecure iFrame
- XPath Injection
- Basic Authentication over HTTP
- Forbidden Resource
- Multiple Choices Enabled
- Apache MultiViews Enabled