W2K server, SP3, IIS5, Citrix Nfuse1.7
I've noticed in the IIS logs that a week ago it started logging connections from users showing passwords in clear text, like this:
2003-11-27 16:31:43 10.102.16.43 - 10.0.20.46 80 GET /Citrix/Nfuse17/CMS/redirect.asp user=edufour&password=Nor#lleVie2 200
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+Q312461 )
I've also noticed that when the connection is done through the POST method, the password is not disclosed at all...
Any ideas as to why passwords started appearing in the log in clear text would be much appreciated.
Also... what's the difference between authenticating through POST and through GET?
Thanks.


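The behaviour in the log excerpt above, as an added example that is not part of the original post: IIS writes a GET request's query string into the `cs-uri-query` field of its W3C log, while a POST body is never logged. The Python sketch below scans such a log for credential parameters in that field and redacts them; the sample lines and the list of parameter names are constructed assumptions.

```python
import re

# Parameter names treated as secrets (assumption; extend for your applications).
SENSITIVE = re.compile(r"(^|&)(password|passwd|pwd|pass)=([^&\s]*)", re.IGNORECASE)

# Constructed sample in IIS W3C extended format; field order mirrors the post's log line.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2003-11-27 16:31:43 10.0.0.5 - 10.0.0.9 80 GET /Citrix/Nfuse17/CMS/redirect.asp user=alice&password=Example#Pw1 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2003-11-27 16:32:10 10.0.0.6 - 10.0.0.9 80 POST /Citrix/Nfuse17/CMS/redirect.asp - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2003-11-27 16:33:02 10.0.0.7 - 10.0.0.9 80 GET /index.asp lang=en 200 Mozilla/4.0+(compatible;+MSIE+6.0)
"""


def scan(log_text):
    """Return (findings, redacted_text) for a W3C extended log.

    A finding is recorded for every row whose cs-uri-query carries a
    sensitive parameter; the redacted text has those values masked.
    """
    fields, findings, out = [], [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
        if line.startswith("#") or not fields:
            out.append(line)
            continue
        cols = line.split(" ")
        if len(cols) != len(fields):
            out.append(line)                   # malformed row: keep it, do not guess
            continue
        row = dict(zip(fields, cols))
        redacted, hits = SENSITIVE.subn(
            lambda m: f"{m.group(1)}{m.group(2)}=[REDACTED]",
            row.get("cs-uri-query", "-"),
        )
        if hits:
            findings.append({"line": lineno, "client": row.get("c-ip"),
                             "method": row.get("cs-method"),
                             "uri": row.get("cs-uri-stem")})
            cols[fields.index("cs-uri-query")] = redacted
        out.append(" ".join(cols))
    return findings, "\n".join(out)


if __name__ == "__main__":
    hits, clean = scan(SAMPLE_LOG)
    for h in hits:
        print(f"line {h['line']}: {h['method']} {h['uri']} from {h['client']} logged a credential")
    print(clean)
```

Only the GET row is flagged: the POST row has `-` in `cs-uri-query` because the form fields travel in the request body, which IIS does not log.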