Http Sensitive Fields In Response Body

Description

This detector identifies when sensitive form fields in HTML contain exposed values that should be protected. It searches for input fields containing sensitive information (like passwords, credit card numbers, SSNs) that have values visible in the HTML source code, which creates a security risk as this data can be accessed by anyone viewing the page source.

Weakness:

020 - Non-encrypted confidential information

Category: Information Collection

Detection Strategy

    Scans all HTML input elements in web page responses for sensitive field types based on field names, labels, or attributes

    Checks if these sensitive input fields contain actual values (not empty or placeholder text) that are exposed in the HTML source

    Reports a vulnerability when sensitive fields like passwords, credit card numbers, or personal identifiers have values populated in the HTML that could be viewed by inspecting the page source
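
The three steps above can be sketched in Python as follows. This is an added example, not the detector's own code: the keyword pattern, the rule for what counts as a masked or placeholder value, and the names `find_exposed_fields` and `SAMPLE` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed keyword list; the page does not publish the detector's own patterns.
SENSITIVE = re.compile(r"passw|pwd|card|cvv|cvc|(?<![a-z])ssn(?![a-z])|social", re.I)
# Assumed definition of "empty or placeholder": nothing but mask characters.
MASKED = re.compile(r"[*xX.\-\s]*")

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.inputs, self.labels, self._for = [], {}, None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input":
            self.inputs.append(a)
        elif tag == "label":
            self._for = a.get("for")

    def handle_endtag(self, tag):
        if tag == "label":
            self._for = None

    def handle_data(self, data):
        if self._for:
            self.labels[self._for] = self.labels.get(self._for, "") + data

def find_exposed_fields(html):
    """Return (field name, input type) for sensitive inputs with a real value."""
    c = _Collector()
    c.feed(html)
    c.close()
    findings = []
    for a in c.inputs:
        hints = " ".join((a.get("name", ""), a.get("id", ""), c.labels.get(a.get("id", ""), "")))
        sensitive = a.get("type", "").lower() == "password" or SENSITIVE.search(hints)
        if sensitive and not MASKED.fullmatch(a.get("value", "")):
            # Report the field only; never copy the secret into the finding.
            findings.append((a.get("name") or a.get("id"), a.get("type", "text")))
    return findings

# Constructed sample response body.
SAMPLE = """<form>
<label for="u">User</label><input id="u" name="username" value="alice">
<input type="password" name="pwd" value="S3cret!pw">
<input type="password" name="new_password" value="" placeholder="New password">
<label for="f1">Credit card number</label><input id="f1" name="field1" value="4111111111111111">
<input name="ssn" value="***-**-****">
</form>"""
```

On the constructed sample, `find_exposed_fields(SAMPLE)` flags `pwd` and `field1` (the latter only through its label text) and skips the empty and masked fields.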