HTTP Response Cache Not Restricted
Description
This detector identifies web pages that contain password forms and are served without proper cache control headers. When such pages can be cached by browsers or proxy servers, credentials may be stored in cache files, where unauthorized users could access the cached sensitive data.
Detection Strategy
• The detector scans web pages for HTML forms containing password input fields (identified by input elements with sensitive field labels like 'password', 'pwd', etc.)
• It then examines HTTP response headers to check if a Cache-Control header is present with appropriate security directives
• A vulnerability is reported when a page contains password forms but either lacks a Cache-Control header entirely or the Cache-Control header does not include safe caching directives (such as no-cache, no-store, private, or must-revalidate)
• The vulnerability is only triggered for pages that actually contain forms with password fields; pages without sensitive forms are not flagged, regardless of their caching configuration
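The strategy above, sketched in Python as an added example; this is not Fluid Attacks' detector code. The attribute matching on `type`, `name` and `id`, the function names and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Directives the page lists as safe; it says "such as", so treating this
# set as complete is an assumption.
SAFE_DIRECTIVES = {"no-cache", "no-store", "private", "must-revalidate"}
# Labels the page names; its "etc." is not filled in here.
SENSITIVE_LABELS = ("password", "pwd")


class PasswordFormFinder(HTMLParser):
    """Records whether any <form> contains a password-like <input>."""
    def __init__(self):
        super().__init__()
        self.form_depth = 0
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.form_depth += 1
        elif tag == "input" and self.form_depth:
            a = {k: (v or "").lower() for k, v in attrs}
            labels = (a.get("type", ""), a.get("name", ""), a.get("id", ""))
            if any(s in label for label in labels for s in SENSITIVE_LABELS):
                self.found = True

    def handle_endtag(self, tag):
        if tag == "form" and self.form_depth:
            self.form_depth -= 1


def cache_directives(headers):
    """Returns the lower-cased Cache-Control directive names, or an empty set."""
    for name, value in headers.items():
        if name.lower() == "cache-control":
            return {d.split("=")[0].strip().lower() for d in value.split(",") if d.strip()}
    return set()


def is_flagged(headers, body):
    """True when the page has a password form and no safe caching directive."""
    finder = PasswordFormFinder()
    finder.feed(body)
    if not finder.found:
        return False  # no sensitive form: never flagged, whatever the caching
    return not (cache_directives(headers) & SAFE_DIRECTIVES)


# Constructed sample pages (not taken from any real site)
LOGIN = '<form action="/login"><input name="user"><input type="password" name="pwd"></form>'
SEARCH = '<form action="/search"><input type="text" name="q"></form>'
```

The rule as described treats any one of the four directives as sufficient. Of these, only no-store tells caches not to store the response at all, so it is the one to prefer on pages that carry credentials.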