HTTP URL contains a password input field
This means that the URL in question uses the HTTP protocol, but contains a password input field.
Why is this important?
Sensitive data such as passwords should be transferred using a secure method. Since HTTP URLs are not secured with SSL, the form itself could be compromised before the data gets processed, therefore this is not secure.
What does the Hint check?
This Hint will trigger for any internal HTTP URL which contains a <input type=password> password field.
Examples that trigger this Hint:
This Hint would trigger for any URL if it contained the following in the HTML:
How do you resolve this issue?
The best approach would be to load the entire site over HTTPS, since there are loads of good reasons to do this.
However, if this is not possible, then you need to remove the form from the HTTPS page, and instead link to a dedicated (HTTPS) page or pop it up in a separate window.