/vulndb/Password Via GET

Sending passwords via GET parameter is considered a bad programming practice since this information can be easily read from the browser’s address bar, history or from the web server logs.

This information may end up in insecure storage, which increases the likelihood of account hijacking attacks.

Solution

Passwords and other sensitive information should be sent via POST requests only.
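One way to check existing web server logs for the exposure described above, and to confirm that logins have moved out of the URL, is sketched below. This is an added example, not part of the original entry; the parameter-name pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as credentials (assumed pattern; adjust to your application).
SENSITIVE = re.compile(r"passw|pwd|^pass$", re.I)
# Request line of a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# One name=value pair inside a logged URL (request line or Referer field).
PAIR = re.compile(r'(?P<sep>[?&])(?P<name>[^=&\s"]+)=(?P<value>[^&\s"]*)')

def find_exposed(log_lines):
    """Return (line_no, method, path, param_names) for each request whose
    query string carries a credential-like parameter."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        names = [name for name, _ in parse_qsl(url.query, keep_blank_values=True)
                 if SENSITIVE.search(name)]
        if names:
            findings.append((line_no, m["method"], url.path, names))
    return findings

def redact(line):
    """Mask credential values in a log line before it is archived or shared."""
    def mask(m):
        if SENSITIVE.search(m["name"]):
            return f'{m["sep"]}{m["name"]}=REDACTED'
        return m[0]
    return PAIR.sub(mask, line)

# Constructed sample entries (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Oct/2023:14:02:11 +0000] "GET /search?q=compass HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Oct/2023:14:03:00 +0000] "GET /reset?token=abc&new_pwd=s3cret HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for hit in find_exposed(SAMPLE_LOG):
        print(hit)
    print(redact(SAMPLE_LOG[0]))
```

The check flags any request method, because a query string is written to the access log whether the request is a GET or a POST to a URL that still carries the parameter.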

Caveats

The application should not automatically resubmit user credentials as this indicates that the credentials are not hashed but sent and stored in plain text.

References

https://www.owasp.org/index.php/Guide_to_Authentication