Eclipse Community Forums: Hudson » Password in Query or Cookie Data

Home » Archived » Hudson » Password in Query or Cookie Data(A password was found in the query string of a GET request or Set-Cookie Header.)

Password in Query or Cookie Data [message #1691380]

Mon, 06 April 2015 15:49

Eclipse User

We recently perform a security scan against our Hudson instance, from the scan report, we are flagged with an high issue for password management: Insecure Submission.

When an user is logging to Hudson, the user password was found in the query string of a GET request or Set-Cookie Header. The recommendation is to ensure that login information is sent with a POST request.

Any chance on fixing that in the future version of Hudson?

Re: Password in Query or Cookie Data [message #1691485 is a reply to message #1691380]

Tue, 07 April 2015 10:49

Eclipse User

Queenie Chow wrote on Mon, 06 April 2015 15:49

We recently perform a security scan against our Hudson instance, from the scan report, we are flagged with an high issue for password management: Insecure Submission.

When an user is logging to Hudson, the user password was found in the query string of a GET request or Set-Cookie Header. The recommendation is to ensure that login information is sent with a POST request.

Any chance on fixing that in the future version of Hudson?

Thanks for that. can you file this in Bugzilla using the link below:

https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Hudson&component=Core

As soon as you've opened the bug I'll file it as a Security issue.

Previous Topic:	Hudson 3.2.1 and Maven 3.3.1 with Win7 missing mvn.bat-file
Next Topic:	Ignore failures of some configurations in a matrix project?

Goto Forum:

-=] Back to Top [=-

Current Time: Wed Jul 23 02:23:28 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter