Password Returned in Later Response
- Severity
- Vulnerability description
The Password Returned in Later Response vulnerability allows attackers to capture user credentials. By sending the password in subsequent responses, the application exposes sensitive information and increases the risk of unauthorized access.
- Risk description
The risk is that an attacker might capture user passwords. Vulnerabilities such as weaknesses in session handling, broken access controls, or cross-site scripting could enable the attacker to leverage this behavior to retrieve the passwords of other application users.
- Recommendation
Once a login is complete, do not send the password in any following responses. Use strong passwords and store them hashed on the server side only, if necessary.
- Codename
- Not available
- Detectable with
- Website Scanner
- Scan engine
- Not available
- Exploitable with Sniper
- No
- CVE Published
- Not available
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available
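The recommendation above can be verified in an integration test: log in with a unique canary password, then search every later response body for that value in the encodings it is likely to reappear in. This is an added example, not code from the original page or from the scanner it mentions; the function names, URLs and sample responses are constructed for illustration.

```python
import html
import json
from urllib.parse import quote, quote_plus

def password_variants(password):
    """Encodings in which a submitted password commonly reappears in a response."""
    return {
        "plain": password,
        "url-encoded": quote(password, safe=""),
        "form-encoded": quote_plus(password),
        "html-escaped": html.escape(password, quote=True),
        "json-escaped": json.dumps(password)[1:-1],  # strip the surrounding quotes
    }

def find_password_echo(password, responses):
    """Return (url, encoding) for each post-login response body containing the password.

    `responses` is an iterable of (url, body) pairs captured after the login
    request, for example from a test client or a proxy log of your own application.
    """
    if len(password) < 8:
        # Assumption of this example: short values cause false matches on ordinary text.
        raise ValueError("use a long, unique test password")
    variants = password_variants(password)
    hits = []
    for url, body in responses:
        for encoding, needle in variants.items():
            if needle in body:
                hits.append((url, encoding))
                break  # one finding per response is enough
    return hits

# Constructed canary password and constructed post-login responses.
TEST_PASSWORD = 'Zq7&rT<p9"canary'
SAMPLE_RESPONSES = [
    # Profile form pre-filled with the current password (HTML-escaped in the attribute).
    ("/account/profile",
     f'<input type="password" name="pw" value="{html.escape(TEST_PASSWORD)}">'),
    # API serializer that returns the whole user record, password included.
    ("/api/me", json.dumps({"user": "alice", "password": TEST_PASSWORD})),
    # Response that correctly omits the password.
    ("/dashboard", "<h1>Welcome back, alice</h1>"),
]

if __name__ == "__main__":
    for url, encoding in find_password_echo(TEST_PASSWORD, SAMPLE_RESPONSES):
        print(f"password echoed ({encoding}) in response for {url}")
```

A finding from this check means a response template or serializer is reading the stored or submitted password; the fix is to drop the field from the response, not to encode it differently.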