The content of the user dialog box is sent as plain text and can be modified
HTTP connection can break and user name and password will lost
J_security_check servlet is accessible from outside the server and could be
hacked
Login.jsp and error.jsp are accessible from outside the server and can be stolen
User name and password are transmitted as HTTP request params and can be
easily extracted
User name is transmitted as HTTP request param and the password can be found
via brute force method
The target server is not authenticated and can be substituted
|