02-06-2020 05:13 AM
I have just turned this on and it's coming up with some really useful (and quite scary) alerts but in a few cases, the URL it is flagging up is pretty innocuous and doesn't include anything resembling the user name or password, so what is it matching on? Is it possibly searching cookie content as well?
In an example I have followed up, the URL is for a login page so it stands to reason that credentials are being sent at some point, but the credential-detected flag is against a URL which just goes to the login page. Cookies would explain it, but I just wondered if there is an explanation anywhere stating what this feature searches?
Thanks
02-06-2020 01:49 PM
it looks in the post message sent when you enter credentials and click logon
the url will be the logon page, the payload the user details
02-06-2020 01:49 PM
it looks in the post message sent when you enter credentials and click logon
the url will be the logon page, the payload the user details
02-11-2020 01:24 AM - edited 02-11-2020 01:27 AM
Ah. I didn't spot the POST in the session details.
Many thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
