by jawher
5618 days ago
Even if the login form was submitted to an HTTPS URL (which is the case), the fact that the login page was served over HTTP allows the government to inject the JS code, which will execute locally and retrieve the login and password inputs and send them via Ajax to another URL.