Description
A known password was found in an HTTP response. As the password was not submitted in the HTTP request initiating the response, the password had likely been stored on the server, or a connected system, in an insecure manner.
Remediation
Store passwords in a way that prevents attackers from accessing them, even if attackers manage to gain access to the credential storage or representation.
References
OWASP: Password Plaintext Storage
Password Storage · OWASP Cheat Sheet Series
CWE - CWE-312: Cleartext Storage of Sensitive Information (4.0)