Details
Alert ID 100010
Alert Type Script Passive
Status alpha
Risk Low
CWE 327
WASC 13
Technologies Targeted All
Tags CWE-327
More Info Scan Rule Help

Summary

A hash was discovered in the HTTP response body.

Solution

Ensure that hashes that are used to protect credentials or other resources are not leaked by the web server or database. There is typically no requirement for password hashes to be accessible to the web browser.

Other Info

References

Code

passive/Find Hashes.js