Details
Alert ID 110002
Alert Type WebSocket Passive
Status release
Risk Informational
CWE
WASC
Technologies Targeted All
Tags

Summary

A Base64-encoded string has been found in the websocket incoming message. Base64-encoded data may contain sensitive information such as usernames, passwords or cookies which should be further inspected. Decoded evidence: example.

Solution

Base64-encoding should not be used to store or send sensitive information.

Other Info

References

Code

scripts/templates/websocketpassive/Base64 Disclosure.js