Binara-Prabhanga / AcademyNet


Hash Disclosure - BCrypt #9

Closed Vihitha-Wijerathne closed 1 month ago

Vihitha-Wijerathne commented 1 month ago

Description: A BCrypt hash is being disclosed by the web server in API responses. Password hashes should never be exposed to the client or web browser for security reasons.

Solution: Ensure password hashes are not sent in any responses by excluding the password field when querying user data. Review the API to sanitize responses, enhance access control, and ensure proper error handling to prevent the exposure of sensitive information.
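As an added illustration, not code from the AcademyNet repository (the issue does not name the stack), a small JavaScript snippet that strips password fields from a user record before it is serialised, plus a check that scans a JSON response body for BCrypt-format strings so a regression of this disclosure is caught in tests. Field names and the sample record are constructed assumptions.

```javascript
// Added example; assumes a Node.js-style JSON API. Field names below are assumptions.
const SENSITIVE_FIELDS = new Set(['password', 'passwordHash', 'password_hash']);

// Return a copy of a record with sensitive fields removed, recursing into nested
// objects and arrays so a hash buried in a sub-document is also dropped.
function toPublicUser(record) {
  if (Array.isArray(record)) return record.map(toPublicUser);
  if (record === null || typeof record !== 'object') return record;
  const out = {};
  for (const [key, value] of Object.entries(record)) {
    if (SENSITIVE_FIELDS.has(key)) continue;
    out[key] = toPublicUser(value);
  }
  return out;
}

// BCrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, then a 22-char salt
// and 31-char hash in bcrypt's base64 alphabet (./A-Za-z0-9), 53 chars in total.
const BCRYPT_RE = /\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}/;

// Walk a parsed JSON body and return the JSON paths of values that look like a
// BCrypt hash. Intended for a response-sanitisation test, not for runtime use.
function findBcryptHashes(body, path = '$') {
  const hits = [];
  if (typeof body === 'string') {
    if (BCRYPT_RE.test(body)) hits.push(path);
  } else if (Array.isArray(body)) {
    body.forEach((v, i) => hits.push(...findBcryptHashes(v, `${path}[${i}]`)));
  } else if (body && typeof body === 'object') {
    for (const [k, v] of Object.entries(body)) hits.push(...findBcryptHashes(v, `${path}.${k}`));
  }
  return hits;
}

// Constructed sample: a user record as it might come back from the database,
// including the stored hash. The hash value is synthetic, built to match the format.
const SAMPLE_USER = {
  id: 42,
  email: 'student@example.com',
  password: '$2b$10$' + 'A'.repeat(22) + 'B'.repeat(31), // constructed, not a real hash
  profile: { name: 'Sample Student' },
};
```

Calling `toPublicUser` on every record before `res.json(...)` removes the field at the serialisation boundary; running `findBcryptHashes` over response bodies in the API test suite flags any endpoint that still leaks one.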

Vihitha-Wijerathne commented 1 month ago

Successfully resolved the High Hash Disclosure security issue by excluding sensitive password fields in API responses.