Created by hanu on 5/12/2023 in #❓︱support-requests
Credentials in plain text in Burp Suite
It's a project I'm working on. I vaguely know I shouldn't be reporting plain text credentials (these are the ones for the login page of that app) as a vulnerability, so I did not. I don't know the entire "why" behind it. A colleague (our lead, who's technically dumb) pointed out why I didn't report this, so I just wanted to have a better explanation for not reporting this. I told him basically Burp Suite's CA cert is added to the browser, so it'd have the same visibility as our browser does. There isn't any better explanation on the internet or even standard sites like OWASP or PortSwigger, so I thought about reaching out in some community chat. Thanks for the clarification, by the way.
3 replies