ZAP – Authentication Request Identified

Details
Alert ID	10111
Alert Type	Passive
Status	beta
Risk	Informational
CWE
WASC
Technologies Targeted	All
Tags

Summary

The given request has been identified as an authentication request. The ‘Other Info’ field contains a set of key=value lines which identify any relevant fields. If the request is in a context which has an Authentication Method set to “Auto-Detect” then this rule will change the authentication to match the request identified.

Solution

This is an informational alert rather than a vulnerability and so there is nothing to fix.

Other Info

userParam=username userValue=test passwordParam=password

References

https://www.zaproxy.org/docs/desktop/addons/authentication-helper/auth-req-id/

Code

org/zaproxy/addon/authhelper/AuthenticationDetectionScanRule.java