Base64 Disclosure

Risk:
Informational

Type:
Passive

CWE:
CWE-200

Summary: Base64 encoded data was disclosed by the application/web server. Note: in the interests of performance not all base64 strings in the response were analyzed individually, the entire response should be looked at by the analyst/security team/developer(s).

Solution: Manually confirm that the Base64 data does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.

References: https://projects.webappsec.org/w/page/13246936/Information%20Leakage

Free security scan for your website

Don't show website scan report rating on the leaderboard