I am learning security testing of web application and couldn't find answer to my question online.
I tried to tamper POST request with Tamper Data on Mozilla ( application does not use SSL) .
Post Parameter Name tab has in JSON string parameter name and value in plain text ( username and password), and tab Post Parameter Value was empty.
Searching online I saw that parameter values are in POST parameter value box,
so is it mistake or security issue to be like in my case?
Thanks in advance,