User credentials are sent in clear text


User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.


Because user credentials are considered sensitive information, should always be transferred to the server over an encrypted connection (HTTPS).