An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.
