mpcom's profile

New Member


2 Messages

Monday, January 20th, 2020 12:00 PM

Web application form sends credentials using HTTP GET request.

Hello,

Hoping you can shed some light on this. We're failing a PCI compliance scan on our static IP and one of the reasons is "Web application form sends credentials using HTTP GET request." The resolution is to "change web application forms to use HTTP POST instead."

The address that is the problem is a login page for our IP/Comcast Business.
Example: https://XX-XX-XXX-XXX-static.hfc.comcastbusiness.net/login

Any way that this can be changed to use POST instead of GET? Why is Comcast using GET if it's vulnerable? Alternatively, from my research I've found that this could be a false positive on the scan, but without documentation from Comcast Business, the scan company will not list it as so.

For instance, I came across a company where they also have this issue - but GET was only used to input the login info, once it was entered, it changed to POST - therefore it was a false positive as it was actually compliant.

Thank you.
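One way to check the scan finding against the login page itself, as an added example that is not part of the original post or any Comcast tooling: the script parses saved page HTML and lists every form containing a password field that a browser could submit with GET (the HTML default when `method` is missing or invalid). The class name, function name and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class LoginFormAudit(HTMLParser):
    """Collect every <form> that contains a password field, with the HTTP
    method(s) a browser would use to submit it."""

    def __init__(self):
        super().__init__()
        self.forms = []      # finished forms that hold a password input
        self._open = None    # form currently being parsed

    @staticmethod
    def _norm(method):
        # HTML rule: a missing or invalid method value means GET.
        method = method.strip().lower()
        return method if method in ("post", "dialog") else "get"

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""),
                          "methods": {self._norm(a.get("method", ""))},
                          "password": False}
        elif self._open is not None and tag in ("input", "button"):
            if a.get("type", "").lower() == "password":
                self._open["password"] = True
            # A submit control can override the form's method via formmethod.
            if a.get("formmethod", "").strip():
                self._open["methods"].add(self._norm(a["formmethod"]))

    def handle_endtag(self, tag):
        if tag == "form" and self._open is not None:
            if self._open["password"]:
                self.forms.append(self._open)
            self._open = None

def credential_forms_using_get(html):
    """Return the action of each password form that can be submitted via GET."""
    audit = LoginFormAudit()
    audit.feed(html)
    audit.close()
    return [f["action"] for f in audit.forms if "get" in f["methods"]]

# Constructed sample pages (not taken from the gateway in the post).
PAGE_GET = '<form action="/login"><input name="u"><input type="password" name="p"></form>'
PAGE_POST = ('<form action="/search"><input name="q"></form>'
             '<form action="/login" method="POST"><input type="password" name="p">'
             '<button type="submit">Sign in</button></form>')
```

Fetching the login page is always a GET; what the finding concerns is the method used when the form is submitted. An empty result for the flagged page means its password form submits with POST, which is the false-positive situation the poster describes.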

Problem solver


348 Messages

5 years ago

Hi there, thanks so much for taking the time to reach out to the Digital Care Team here through the forums and sorry to see that you are having issues with web applications. You have reached the right team to help get this taken care of. Can you please send a private message with your name, the full address, and phone/account number?