When using standard Episerver CMS login, the password and user name is posted as clear text.
To reproduce...
- Open Chrome and whip out Developer Tools and select the Network tab. Check Preserve log.
- Open your CMS site at /util/login.aspx and log on with your user credentials.
- Select the first login.aspx in the list of network traffic in Developer Tools and click the Headers tab.
- Locate form data at the bottom, to view your user name and password in clear text.
Any thoughts on this? Is it supposed to be like that?