password sent in url when using webshell

[yorri]

I noticed when I click on webshell that Hsphere is passing my username and password unencrypted through the url.

I don't think that is a very secure thing to do.

If it saves me from logging in to webshell..I would prefer the inconvenience of logging in rather than having my password sent unencrypted around.

 

[Yash]

Your password is sent unencrypted even over an FTP connection too. Infact an FTP connection is less secure than WebShell

 

[yorri]

True...

It just alerted me because I saw it in the url. I must agree it is sent unencrypted when using ftp but I never thought of that because it is hidden from my view.

 

[Yash]

It should be hidden from view in webshell too. Don't tell me you are seeing your password.

 

[yorri]

Well it's not showing specifically...when I click on the link within HSphere it says opening page and within that link is my password. I am finding the site to be a bit slow so in the time it takes for Hsphere to actual switch to the webshell page I see my password in the status bar and sometimes the address bar.