Description

A known password was found in an HTTP response. As the password was not submitted in the HTTP request initiating the response, the password had likely been stored on the server, or a connected system, in an insecure manner.

Remediation

Store passwords in a way that prevents attackers from accessing them, even if attackers manage to gain access to the credential storage or representation. .

References

Related Vulnerabilities