Password Exposure Analyzer
Configuration Name: PasswordExposure
Description
The PasswordExposure analyzer reports when an operation exposes a password. A finding is reported when a response contains a key "password" with a value that is a string of length 4 or greater.
Faults Reported
| Fault Identifier | Title | Summary | Solution | Severity |
|---|---|---|---|---|
| CWE-213 | Exposure of Sensitive Information | Application response contains a password. | Passwords should not be transmitted in responses. Only allow users to modify a password by providing a new password. | low |
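As an added example (not part of the analyzer's documentation or its source), the rule above implemented as a small Python detector run over constructed sample response bodies. It assumes the key match is exact and case-sensitive and that nested objects and arrays are searched, neither of which the page states.

```python
import json
from typing import Any, List, Tuple

# Minimum string length for a "password" value to be reported (from the rule).
MIN_PASSWORD_LENGTH = 4


def find_password_exposures(body: Any, path: str = "$") -> List[Tuple[str, int]]:
    """Walk a decoded JSON body and return (json_path, value_length) for every
    key named "password" whose value is a string of length >= 4.
    Assumption: nested objects and arrays are searched too; the page only
    says "a response contains a key".
    """
    findings: List[Tuple[str, int]] = []
    if isinstance(body, dict):
        for key, value in body.items():
            child = f"{path}.{key}"
            if key == "password" and isinstance(value, str) and len(value) >= MIN_PASSWORD_LENGTH:
                findings.append((child, len(value)))
            findings.extend(find_password_exposures(value, child))
    elif isinstance(body, list):
        for i, item in enumerate(body):
            findings.extend(find_password_exposures(item, f"{path}[{i}]"))
    return findings


def analyze_response(raw_body: str) -> List[dict]:
    """Parse a raw JSON response body and map each exposure to the fault the
    analyzer reports (CWE-213, severity low). Non-JSON bodies yield nothing."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        return []
    return [
        {"fault": "CWE-213", "title": "Exposure of Sensitive Information",
         "severity": "low", "location": loc, "length": n}
        for loc, n in find_password_exposures(body)
    ]


# Constructed sample response bodies (not real application output).
SAMPLES = {
    "leaks_top_level": '{"id": 7, "username": "alice", "password": "hunter2!"}',
    "leaks_nested": '{"users": [{"name": "bob", "password": "Sup3rS3cret"}]}',
    "short_value": '{"password": "abc"}',      # below the 4-character threshold
    "non_string": '{"password": 123456}',      # not a string, so not reported
    "not_json": "password=hunter2",            # out of scope for this rule
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, analyze_response(raw))
```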