User credentials are sent in clear text

  • User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
  • Because user credentials are considered sensitive information, should always be transferred to the server over an encrypted connection (HTTPS).