Web application form sends credentials using HTTP GET request.
Hoping you can shed some light on this. We're failing a PCI compliance scan on our static IP and one of the reasons is "Web application form sends credentials using HTTP GET request." The resolution is to "change web application forms to use HTTP POST instead."
The address that is the problem is a login page for our IP/Comcast business.
Any way that this can be changed to use POST instead of GET? Why is Comcast using GET if it's vulnerable? Alternatively, from my research I've found that this could be a false positive on the scan, but without documentation from Comcast Business, the scan company will not list it as so.
For instance, I came across a company where they also have this issue - but GET was only used to input the login info; once it was entered, it changed to POST - therefore it was a false positive as it was actually compliant.
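
To check what the scanner is reporting, the added example below (not part of the original post, and not Comcast's or the scan vendor's code) parses a page's HTML and lists the forms that would submit a password field with GET. The function names and the two sample pages are constructed for illustration.

```python
from html.parser import HTMLParser


class CredentialFormAudit(HTMLParser):
    """Collect each <form> and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per <form> seen
        self._current = None   # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # HTML falls back to GET when method is missing or not a known keyword.
            method = (a.get("method") or "").strip().lower()
            if method not in ("post", "dialog"):
                method = "get"
            self._current = {"action": a.get("action") or "",
                             "method": method, "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").strip().lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def credential_forms_using_get(html):
    """Return the actions of forms that would send a password field via GET."""
    audit = CredentialFormAudit()
    audit.feed(html)
    return [f["action"] for f in audit.forms
            if f["has_password"] and f["method"] == "get"]


# Constructed sample pages (not taken from any real device or service).
PAGE_GET = ('<form action="/login"><input name="u">'
            '<input type="password" name="p"></form>')
PAGE_POST = ('<form action="/login" method="POST">'
             '<input type="password" name="p"></form>')

if __name__ == "__main__":
    print(credential_forms_using_get(PAGE_GET))   # form with no method attribute
    print(credential_forms_using_get(PAGE_POST))  # form that submits via POST
```

A submit button's `formmethod` attribute or script-driven submission can override the form's own method, so confirm the result against the actual login request in the browser's network tab.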