Eclipse Community Forums
Password in Query or Cookie Data [message #1691380] Mon, 06 April 2015 19:49
Queenie Chow
We recently performed a security scan against our Hudson instance. From the scan report, we are flagged with a high issue for password management: Insecure Submission.

When a user is logging in to Hudson, the user password was found in the query string of a GET request or Set-Cookie header. The recommendation is to ensure that login information is sent with a POST request.

Any chance of fixing that in a future version of Hudson?
Re: Password in Query or Cookie Data [message #1691485 is a reply to message #1691380] Tue, 07 April 2015 14:49
Denis Roy

Queenie Chow wrote on Mon, 06 April 2015 15:49:
We recently performed a security scan against our Hudson instance. From the scan report, we are flagged with a high issue for password management: Insecure Submission.

When a user is logging in to Hudson, the user password was found in the query string of a GET request or Set-Cookie header. The recommendation is to ensure that login information is sent with a POST request.

Any chance of fixing that in a future version of Hudson?


Thanks for that. Can you file this in Bugzilla using the link below:

https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Hudson&component=Core


As soon as you've opened the bug I'll file it as a Security issue.


Denis Roy
Eclipse Webmaster -- webmaster@eclipse.org
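
Added example, not part of the original thread and not Hudson code: a small Python check that reproduces the kind of finding the scan reported, run over HTTP request lines and Set-Cookie header values. The name pattern and every sample record are constructed assumptions; findings carry only the parameter or cookie name so the check does not copy the password into its own output.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameter or cookie names that usually carry a password.
SENSITIVE = re.compile(r"password|passwd|pwd", re.IGNORECASE)

def check_request_line(line):
    """Return names of password-like query parameters in an HTTP request line."""
    parts = line.split()
    if len(parts) < 2:
        return []
    # The request target (path plus query string) is what ends up in
    # access logs, proxy logs and browser history; a POST body does not.
    query = urlsplit(parts[1]).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if SENSITIVE.search(name)]

def check_set_cookie(header_value):
    """Return names of password-like cookies in a Set-Cookie header value."""
    cookie = SimpleCookie()
    cookie.load(header_value)
    return [name for name in cookie if SENSITIVE.search(name)]

def scan(records):
    """records: (kind, text) pairs, kind is 'request' or 'set-cookie'."""
    findings = []
    for kind, text in records:
        if kind == "request":
            names = check_request_line(text)
        else:
            names = check_set_cookie(text)
        # Report the name only, never the value.
        findings.extend((kind, name) for name in names)
    return findings

# Constructed sample traffic (not taken from a real Hudson instance).
SAMPLE = [
    ("request", "GET /login?username=alice&password=EXAMPLE-ONLY HTTP/1.1"),
    ("request", "POST /login HTTP/1.1"),
    ("set-cookie", "remember_password=EXAMPLE-ONLY; Path=/"),
    ("set-cookie", "JSESSIONID=0123456789abcdef; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for kind, name in scan(SAMPLE):
        print(f"{kind}: password-like field '{name}' exposed")
```

The POST request line and the session cookie produce no finding, which matches the scanner's recommendation to send login information in a POST body.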