CWE-598
Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Status
draft
Abstraction
variant
Affected Platforms
Web Based
Web Server
Technical Details
Common Consequences
confidentiality
Impacts
read application data
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
Descriptions:
• When sensitive information is sent, use the POST method (e.g. registration form).