Unencrypted Sensitive Form Detected

AWSHelpdesk
AWSHelpdesk used Ask the Experts™
on
I am getting a McAfee error saying "Unencrypted Sensitive Form Detected" for the login page of our website yet the page is https as is the action on the login form so I don't know how this could be possible?

Is there something else I should be looking at?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Hi There,

You could be rererencing some images or content that is not marked as SSL content. You might need to enable this setting in IIS.

Sean
btanExec Consultant
Distinguished Expert 2018

Commented:
The remote host appears to allow sensitive form submission over unencrypted (HTTP) connections. This means that a user's personal information would be sent over the internet in clear text. An attacker may be able to uncover sensitive information such as login names and passwords by sniffing network traffic. Looks like you will need to make the site SSL on the webserver

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial