Base64 Disclosure in WebSocket message

Risk:
Informational

Type:
WebSocket Passive

Summary: A Base64-encoded string has been found in the websocket incoming message. Base64-encoded data may contain sensitive information such as usernames, passwords or cookies which should be further inspected. Decoded evidence: example.

Solution: Base64-encoding should not be used to store or send sensitive information.

Top CVE List

Common Alerts

HighAdvanced SQL Injection
InformationalAuthentication Request Identified
InformationalVerification Request Identified
LowStrict-Transport-Security Header Not Set
HighCross-Domain Misconfiguration - Adobe - Send
HighOut of Band XSS
MediumCSP: script-src unsafe-eval
LowStrict-Transport-Security Multiple Header Entries (Non-compliant with Spec)
InformationalUser Controllable Charset
InformationalModern Web Application

Top CWE List

Free online web security scanner

Don't show website scan report rating on the leaderboard