Sitat av
lillekrek
Står det kanskje at den sender ukryptert for så å bli kryptert. Da tenker programmet på et MiM attack. Ellers er det ofte en false positiv. Prøv å send et trace og se hva headern gir deg, og jobb heller ut ifra det
Mye lettere
Jeg er ny innenfor området se.
Den sier dette :
Vulnerability description
User credentials are not encrypted when they are transmitted.
Affected items
/nordic/logginn.php (adc66064921fc151fd2d2c1cd1a99b99)
/nordic/login.php
The impact of this vulnerability
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
How to fix this vulnerability
Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.