0
Under review

Google Auth OTP - Plain Text

Eric Taylor 11 months ago 0

Issue detail

The page contains a form with the following action URL, which is submitted

over clear-text HTTP:

The form contains the following password field:

  • ctl00$Main$passwordBox

Applications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed.

Vulnerability classifications

ConnectWise Control Version:
20.3
Server Affected:
Host Client Affected:
Guest Client Affected: