Encrypt body payload #45335

@DarkSil3ncer

Description

A security scan was done on the client. The security scan set up a reverse proxy and monitored traffic while the user logged in via Keycloak. It was observed that the username and password were readable via the body of the request.

Value Proposition

If there is a proxy or reverse proxy set up, this is a point of vulnerability where the request and its body will be exposed.

Goals

The body should be encoded.

Non-Goals

N/A

Discussion

No response

Notes

No response

Metadata

Labels: kind/enhancement (Categorizes a PR related to an enhancement)
