plaintext password

mosab | Last updated: Dec 18, 2021 09:21PM UTC

Hi there, if I capture a login request and view a password in plaintext form, would this indicate a vulnerability? Considering that if you capture it in some applications like Facebook, it will appear encrypted.

Michelle, PortSwigger Agent | Last updated: Dec 20, 2021 02:18PM UTC

Thanks for your message. Can you describe what you're seeing in a bit more detail, please? Are you seeing this in a request you have intercepted using Burp? If so, was the connection using HTTP or HTTPS? Or have you detected this whilst running a scan within Burp?

