Details
Alert Id 10097
Alert Type Passive Scan Rule
Status beta
Risk
CWE
WASC

Summary

A hash was disclosed by the web server.

Solution

Ensure that hashes that are used to protect credentials or other resources are not leaked by the web server or database. There is typically no requirement for password hashes to be accessible to the web browser.

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/HashDisclosureScanRule.java