Password Exposure Analyzer

Configuration Name: PasswordExposure

Description

The PasswordExposure analyzer reports when an operation exposes a password. A finding is reported when a response contains a key "password" with a value that is a string of length 4 or greater.
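The rule described above can be reproduced as a response check in a test suite. The following is an added example, not the analyzer's own code; it assumes JSON response bodies, exact case-sensitive matching of the key name, and traversal into nested objects and arrays, none of which this page specifies.

```python
import json

MIN_LENGTH = 4  # threshold stated in the analyzer description


def find_password_exposures(node, path="$"):
    """Return JSON paths where a key named "password" holds a string of
    MIN_LENGTH characters or more. Nested traversal and exact,
    case-sensitive key matching are assumptions of this sketch."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "password" and isinstance(value, str) and len(value) >= MIN_LENGTH:
                hits.append(child)
            hits.extend(find_password_exposures(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_password_exposures(item, f"{path}[{index}]"))
    return hits


def check_response_body(body):
    """Parse a response body as JSON and return the exposure paths.
    A body that is not valid JSON yields no findings."""
    try:
        return find_password_exposures(json.loads(body))
    except (TypeError, ValueError):
        return []


# Constructed sample response, not taken from a real service.
SAMPLE_RESPONSE = json.dumps({
    "user": {"id": 7, "name": "alice", "password": "hunter2-example"},
    "members": [
        {"name": "bob", "password": None},     # not a string: no finding
        {"name": "carol", "password": "abc"},  # shorter than 4: no finding
        # The rule is length-based, so a hashed value is reported too.
        {"name": "dave", "password": "$2b$12$constructed-hash"},
    ],
    "passwordPolicy": {"minLength": 12},        # key is not exactly "password"
})

if __name__ == "__main__":
    for exposed_path in check_response_body(SAMPLE_RESPONSE):
        print("password exposed at", exposed_path)
```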

Faults Reported

| Fault Identifier | Title | Summary | Solution | Severity |
| --- | --- | --- | --- | --- |
| CWE-213 | Exposure of Sensitive Information | Application response contains a password. | Passwords should not be transmitted in responses. Only allow users to modify a password by providing a new password. | low |