PCI Scan issue:- Encrypt the username/password

  • Resolved Lalit Nagrath

    (@laliz)


    2 years, 3 months ago

    Scan Results

THREAT:

The Web server uses plain-text form based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain-text

SOLUTION:

Please contact the vendor of the hardware/software for a possible fix for the issue. For custom applications, ensure that data sent via HTML login forms is encrypted before being sent from the client to the host.

RESUL T :

GET /cgi-bin/admin.php3?admin=YmxhYmxhOg%3D%3D&op=mod_authors HTTP/1.1 Host: www.xyz.com
Connection: Keep-Alive

<form class="woocommerce-form woocommerce-form-login login" method="post">

    We just ran a PCI test and this came out as recommendation.

    how can we encrypt the logins on woocommerce form?

    surprisingly, i never heard of this in my one decade of working with woocommerce. google doesnt work or provide a useful result

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘PCI Scan issue:- Encrypt the username/password’ is closed to new replies.