Details
Alert ID 10094-3
Alert Type Passive
Status alpha
Risk Informational
CWE 319
WASC 13
Technologies Targeted All
Tags CWE-319
OWASP_2017_A03
OWASP_2021_A04
POLICY_PENTEST
More Info Scan Rule Help

Summary

Base64 encoded data was disclosed by the application/web server. Note: in the interests of performance not all base64 strings in the response were analyzed individually, the entire response should be looked at by the analyst/security team/developer(s).

Solution

Manually confirm that the Base64 data does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrulesAlpha/Base64Disclosure.java