Description
A known password was found in an HTTP response. Because the password was not submitted in the HTTP request that triggered the response, it was most likely stored on the server, or on a connected system, in an insecure manner.
Remediation
Store passwords in a way that prevents attackers from recovering them, even if attackers manage to gain access to the credential storage or representation.
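One way to implement this remediation, as an added example that is not part of the original advisory: the password is stored only as a salted PBKDF2-HMAC-SHA256 hash, and responses are built from an allow-list of fields so no credential material can be echoed back. The record layout, function names, field names and iteration count are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware
PUBLIC_FIELDS = ("id", "username")  # allow-list of fields that may leave the server

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<hash>' with a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"pbkdf2_sha256${iterations}${b64(salt)}${b64(dk)}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, hash_b64 = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, TypeError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(dk, expected)

def create_user(user_id: int, username: str, password: str) -> dict:
    """Build the stored record; the plaintext password is never written to it."""
    return {"id": user_id, "username": username, "password_hash": hash_password(password)}

def to_response(record: dict) -> str:
    """Serialize only allow-listed fields, so no credential material reaches a response."""
    return json.dumps({k: record[k] for k in PUBLIC_FIELDS})

if __name__ == "__main__":
    # Constructed sample account, not real data.
    user = create_user(1, "alice", "correct horse battery staple")
    print(to_response(user))
    print(verify_password("correct horse battery staple", user["password_hash"]))
```

Because only the salt and derived key are stored, a login check recomputes the hash from the submitted password, and there is no stored plaintext that a response could disclose.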
References
OWASP: Password Plaintext Storage
Password Storage · OWASP Cheat Sheet Series
CWE - CWE-312: Cleartext Storage of Sensitive Information (4.0)
Related Vulnerabilities
web.xml configuration file disclosure
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)
CodeIgniter development mode enabled
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)