DevTest authentication credentials are passed as raw data
Article ID: 125549
CA Application TestService VirtualizationCA Continuous Application Insight (PathFinder)CA Service Virtualization (DevTest / LISA / VSE / Application Test)
Though the DevTest portal is setup for HTTPS, on Network tab of portal/ED browser we are seeing Authentication credentials being passed as raw data. This is a security risk.
Release: Component: ITKOTF
The Developer Tools, Network tab shows HTTP data before it is sent to the server and it shows when the the tool is opened and credentials are entered. If you open the Developer Tools after the login was performed, no information will be available.
To verify if the DevTest authentication data is being passed as raw data we would need to use a network traffic analyzer, like Wireshark, to capture the data and verify how the username and password are being transmitted in the network. If you are using HTTP/S all communication between the client and server is encrypted. This has been tested and verified.