| Details | |
|---|---|
| Alert Id | 10097 |
| Alert Type | Passive |
| Status | release |
| Risk | |
| CWE | |
| WASC | |
| Technologies Targeted | All |
| Tags |
OWASP_2017_A03 OWASP_2021_A04 |
Summary
A hash was disclosed by the web server.
Solution
Ensure that hashes that are used to protect credentials or other resources are not leaked by the web server or database. There is typically no requirement for password hashes to be accessible to the web browser.Other Info
References
- http://projects.webappsec.org/w/page/13246936/Information%20Leakage
- http://openwall.info/wiki/john/sample-hashes