Details
Alert ID 10097
Alert Type Passive
Status release
Risk Low
CWE 497
WASC 13
Technologies Targeted All
Tags CWE-497
OWASP_2017_A03
OWASP_2021_A04
POLICY_PENTEST
More Info Scan Rule Help

Summary

A hash was disclosed by the web server. - MD4 / MD5

Solution

Ensure that hashes that are used to protect credentials or other resources are not leaked by the web server or database. There is typically no requirement for password hashes to be accessible to the web browser.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/HashDisclosureScanRule.java