PCI CLEAR PARAMETER VIOLATION

Type: Detection
Risk:
Covered by: Agent
Compliance: PCI DSS

Credit card details should not be included as HTTP request parameters or as part of the URL, because doing so greatly increases the possibility of them being leaked.

Example:

GET /app/process?card=4444444444444448 HTTP/1.1
Host: example.com
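
The check behind this rule can be sketched as follows. This is an added example, not the agent's own implementation: it scans the path, query string and a form-encoded body for digit runs that pass the Luhn checksum, and reports them masked. The function names and the assumption that the body is `application/x-www-form-urlencoded` are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# 13 to 19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the first six and last four digits for reporting."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_clear_pans(request_line, body=""):
    """Return (location, parameter name, masked value) for each card
    number sent in clear in the request line or form-encoded body."""
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    sources = [
        ("query", parse_qsl(parts.query, keep_blank_values=True)),
        ("body", parse_qsl(body, keep_blank_values=True)),
        ("path", [("", unquote(seg)) for seg in parts.path.split("/")]),
    ]
    findings = []
    for where, pairs in sources:
        for name, value in pairs:
            for match in PAN_RE.finditer(value):
                digits = re.sub(r"[ -]", "", match.group())
                if luhn_ok(digits):   # discards order ids, timestamps, etc.
                    findings.append((where, name, mask(digits)))
    return findings


if __name__ == "__main__":
    # The request from the example above.
    print(find_clear_pans("GET /app/process?card=4444444444444448 HTTP/1.1"))
```

The Luhn step is what keeps long numeric identifiers from being reported; findings are masked so the detector's own log does not become a second copy of the card number.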

How to solve it

If a credit card number needs to be transmitted from the client, a custom encryption process should be applied.