Question

5
Replies
1229
Views
jafferSathick Member since 2010 23 posts
TCS
Posted: 3 years ago
Last activity: 2 years 7 months ago
Closed

Fiddler is intercepting password for SSL enabled HTTPS login

When I keep the Fiddler ON and enter into my SSL enabled HTTPS pega website, I am seeing password of my login in the 303 transmissions.

I know this will not happen if the login is authenticated through SSO. But, is there any way to HASH ( or atleast encrypt ) the password during the 303 transmission.

I took a look at the following article but I'm not sure if it will solve the problem I have.

https://pdn.pega.com/about-password-hashing

Can you advise on how to hide/hash/encrypt the login password during transmissions during logon ?

**Moderation Team has archived post**

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.

Low-Code App Development Security
Moderation Team has archived post
Share this page LinkedIn