This is specifically relating to a scenario where an Autoscan instance is sending scan requests to another Autoscan instance which has password protected triggers. The scan sends successfully by populating the target as https://<user>:<pass>@autoscan.tld but then the username and password are in plaintext in the logs. It would be preferable if these were sanitized, at least for the log file if not for stdout as well.
This is specifically relating to a scenario where an Autoscan instance is sending scan requests to another Autoscan instance which has password protected triggers. The scan sends successfully by populating the target as
https://<user>:<pass>@autoscan.tldbut then the username and password are in plaintext in the logs. It would be preferable if these were sanitized, at least for the log file if not for stdout as well.