Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Password found in server response - Vulnerability Database

Password found in server response

Description

A known password was found in an HTTP response. As the password was not submitted in the HTTP request initiating the response, the password had likely been stored on the server, or a connected system, in an insecure manner.

Remediation

Store passwords in a way that prevents attackers from accessing them, even if attackers manage to gain access to the credential storage or representation. .

References

OWASP: Password Plaintext Storage
Password Storage · OWASP Cheat Sheet Series
CWE - CWE-312: Cleartext Storage of Sensitive Information (4.0)

Related Vulnerabilities

Trace.axd Detected High
Common tags: Information Disclosure
WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) High
Common tags: Information Disclosure
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) High
Common tags: Information Disclosure
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4) High
Common tags: Information Disclosure
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0) High
Common tags: Information Disclosure

Severity

Medium

Classification

CWE-312
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure