When a new name and password are entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /member.php/1004277-Toby.

The impact of this vulnerability
Possible sensitive information disclosure.

Password type input named vb_login_password from form with ID navbar_loginform with action login.php?do=login has autocomplete enabled.

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

User credentials are not encrypted when they are transmitted.

This vulnerability affects /member.php/873-UserName1882 (GET).

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection. It seems that user credentials are sent to /login.php in clear text. Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

Is that how my harmless picture of a bling pigeon on Erik's wall turned into someone frantically beating themselves off?