Cisco Live San Diego Case Study: Hunting Cleartext Passwords In Http Post Requests

SERVERS

Additional Post Contributors: Mindy Schlueter

On June 11, the Cisco Live San Diego SOC received a Cisco XDR Incident triggered by two Cisco Secure Firewall events.

Both pointed to a Zeek detection:SNIFFPASS::HTTP_POST_Password_Seen. This is a clear sign that credentials were transmitted in unencrypted HTTP traffic.

This detection is a red flag: Usernames and passwords are being sent in plaintext, making them easy targets for anyone monitoring the network. This kind of risky behavior is often caused by:

Web apps using HTTP instead of HTTPS
Users logging into misconfigured or outdated websites
Legacy or IoT devices still using insecure protocols

Investigation Steps

Network Context- The SOC quickly identified the source: an endpoint on the participant's Wi-Fi network.
Deep Dive with Packet Capture- Pivoting from Cisco XDR to Endace, analysts reviewed the full packet capture (PCAP). The destination?http://app[.]xxxxxxx[.]com[.]br, a backend endpoint used by a mobile app.
App Identification- The HTTP headers includedX-Requested-With: com.xxxx.sell.This pointed to a Brazilian property management app available on the Google Play Store.
Scope of Exposure- Firewall logs revealed three endpoints on the Wi-Fi network had connected to this insecure app. The PCAP confirmed usernames and passwords were exposed in cleartext.

Takeaway and Response

The core issue: A publicly available mobile app (on both Android and iOS) uses unencrypted HTTP to transmit credentials. While the traffic wasn't outright malicious, it posed a serious privacy risk.

Rather than block the traffic, the SOC opted to educate the users on the dangers of using insecure apps - reinforcing the importance of encrypted communications.

Want to learn more about what we saw at Cisco Live San Diego 2025? check out our main blog post - Cisco Live San Diego 2025 SOC - and the rest of our Cisco Live SOC content.

We'd love to hear what you think! Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social Media

LinkedIn
Facebook
Instagram
X

Cisco Price, Dell Price, Huawei Price, ZTE HPE Fortinet Switch Router Server At Low Price

SERVERS

HOT NEWS

Huawei s5735-l24p4s-a-v2 Delivers Scalable, Secure, and Smart PoE Access for Modern IT Infrastructures

Huawei S5735-L48T4XE-A-V2 Switch Delivers Enterprise-Grade Performance in a Compact Design

Huawei S5735-L48P4XE-A-V2 Review: Versatile Campus Switch with iStack and Full L3 Support

Differences Between Huawei CE Series and S Series Switches

Huawei CloudEngine S5735 Switches Set the Benchmark for High-Performance, Energy-Efficient Switching

Huawei CloudEngine S5731‑S48P4X Datasheet

Huawei CloudEngine S5731‑S24P4X Datasheet

Huawei S5731-S Empowers Next-Generation Campus Networks with Advanced Capabilities

Huawei S5731-H24P4XC Switch Review: Power-Packed Performance and Smart PoE

Huawei S5731-H Series Switches Redefine Campus Networking with Intelligent High-Performance Architecture

Top Features of the Huawei S5731-S24T4X: The Ultimate Gigabit Access Switch for Modern Networks

General Power Module Fault Location Procedure (CE8800 & 7800 & 6800 & 5800)

How Do I Split a Stack? How to clear the stacking configuration?

Huawei CloudEngine S5731 Datasheet

Huawei CloudEngine S5731-S24P4X: Powerful Enterprise-Grade Switch Explained

Huawei S5731-S48T4X Review: Powerful Enterprise Switch for High-Speed Networking

Why are network cables limited to 100 meters?

Huawei S5731-S32ST4X: Powerful, Enterprise-Ready Gigabit Switch with Advanced Capabilities

Huawei S5731-H48T4XC Review: High-Performance Switching for Modern IT Infrastructures

Huawei S5731-H48P4XC: Comprehensive Overview

Common display Commands for Huawei Devices

Stacking Card Stacking vs. Service Port Stacking: Application Scenarios for the Two Switch Stacking Methods

Huawei S5731-H24T4XC: High-Performance Intelligent Gigabit Switch

Huawei S5731-S48P4X: High-Performance PoE Switch with Flexible Power and Uplink Options

Huawei S5731 Series: Advanced Networking Solutions for Enterprises

Difference between campus switch and data center switch

Huawei S6730-H28Y4C Campus CloudEngine Switch Datasheet

S6730-H48Y6C: Unleashing Power and Flexibility for Modern Networking

CloudEngine S6730-H Series Switches Datasheet

Huawei CloudEngine Switch S6730-S24X6Q Datasheet

Cisco Live San Diego Case Study: Hunting Cleartext Passwords in HTTP POST Requests

Investigation Steps

Takeaway and Response

Hot Tags : Cisco Live Cisco Talos Cisco XDR Cisco Security Cloud Cisco Secure Access Cisco User Protection Cisco Breach Protection Security Operations Center SOC Network Operations Center NOC

Ordering Guide

Resources

About Us

Cisco Price, Dell Price, Huawei Price, ZTE HPE Fortinet Switch Router Server At Low Price

SERVERS

HOT NEWS

Huawei s5735-l24p4s-a-v2 Delivers Scalable, Secure, and Smart PoE Access for Modern IT Infrastructures

Huawei S5735-L48T4XE-A-V2 Switch Delivers Enterprise-Grade Performance in a Compact Design

Huawei S5735-L48P4XE-A-V2 Review: Versatile Campus Switch with iStack and Full L3 Support

Differences Between Huawei CE Series and S Series Switches

Huawei CloudEngine S5735 Switches Set the Benchmark for High-Performance, Energy-Efficient Switching

Huawei CloudEngine S5731‑S48P4X Datasheet

Huawei CloudEngine S5731‑S24P4X Datasheet

Huawei S5731-S Empowers Next-Generation Campus Networks with Advanced Capabilities

Huawei S5731-H24P4XC Switch Review: Power-Packed Performance and Smart PoE

Huawei S5731-H Series Switches Redefine Campus Networking with Intelligent High-Performance Architecture

Top Features of the Huawei S5731-S24T4X: The Ultimate Gigabit Access Switch for Modern Networks

General Power Module Fault Location Procedure (CE8800 & 7800 & 6800 & 5800)

How Do I Split a Stack? How to clear the stacking configuration?

Huawei CloudEngine S5731 Datasheet

Huawei CloudEngine S5731-S24P4X: Powerful Enterprise-Grade Switch Explained

Huawei S5731-S48T4X Review: Powerful Enterprise Switch for High-Speed Networking

Why are network cables limited to 100 meters?

Huawei S5731-S32ST4X: Powerful, Enterprise-Ready Gigabit Switch with Advanced Capabilities

Huawei S5731-H48T4XC Review: High-Performance Switching for Modern IT Infrastructures

Huawei S5731-H48P4XC: Comprehensive Overview

Common display Commands for Huawei Devices

Stacking Card Stacking vs. Service Port Stacking: Application Scenarios for the Two Switch Stacking Methods

Huawei S5731-H24T4XC: High-Performance Intelligent Gigabit Switch

Huawei S5731-S48P4X: High-Performance PoE Switch with Flexible Power and Uplink Options

Huawei S5731 Series: Advanced Networking Solutions for Enterprises

Difference between campus switch and data center switch

Huawei S6730-H28Y4C Campus CloudEngine Switch Datasheet

S6730-H48Y6C: Unleashing Power and Flexibility for Modern Networking

CloudEngine S6730-H Series Switches Datasheet

Huawei CloudEngine Switch S6730-S24X6Q Datasheet

Cisco Live San Diego Case Study: Hunting Cleartext Passwords in HTTP POST Requests

Investigation Steps

Takeaway and Response

Hot Tags : Cisco Live Cisco Talos Cisco XDR Cisco Security Cloud Cisco Secure Access Cisco User Protection Cisco Breach Protection Security Operations Center SOC Network Operations Center NOC

Ordering Guide

Resources

About Us

Huawei CloudEngine S5731‑S48P4X Datasheet