ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

DevTest authentication credentials are passed as raw data

book

Article ID: 125549

calendar_today

Updated On:

Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)

Issue/Introduction



Though the DevTest portal is setup for HTTPS, on Network tab of portal/ED browser we are seeing Authentication credentials being passed as raw data. This is a security risk. 

Environment

Release:
Component: ITKOTF

Resolution

The Developer Tools, Network tab shows HTTP data before it is sent to the server and it shows when the the tool is opened and credentials are entered. If you open the Developer Tools after the login was performed, no information will be available. 

To verify if the DevTest authentication data is being passed as raw data we would need to use a network traffic analyzer, like Wireshark, to capture the data and verify how the username and password are being transmitted in the network. If you are using HTTP/S all communication between the client and server is encrypted. This has been tested and verified.