A known password was found in an HTTP response. As the password was not submitted in the HTTP request initiating the response, the password had likely been stored on the server, or a connected system, in an insecure manner.


Store passwords in a way that prevents attackers from accessing them, even if attackers manage to gain access to the credential storage or representation. .


Related Vulnerabilities