Base64 Disclosure
Reference
Plugin Id: 10094 | CWE: 200
Remediation
- Review exposed data: Manually examine all Base64 encoded strings to determine if they contain sensitive information.
- Remove sensitive encoding: Eliminate any Base64 encoded sensitive data from responses.
- Implement access controls: Ensure that any legitimate Base64 encoded data is properly protected with authentication and authorization.
- Regular security reviews: Periodically audit responses for unintended data exposure.
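The review step above can be partly automated. The following sketch is an added example, not part of the original advisory or of the scanner that reports this plugin id: it finds Base64 strings in a response body, decodes them, and labels those matching sensitive patterns. The function names, the patterns and the sample body are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Runs of 16+ Base64 / Base64url characters with optional padding.
CANDIDATE = re.compile(
    r"(?<![A-Za-z0-9+/=_-])[A-Za-z0-9+/_-]{16,}={0,2}(?![A-Za-z0-9+/=_-])")

# Illustrative patterns (assumptions): tune to the secrets your application handles.
SENSITIVE = {
    "connection string": re.compile(r"(?i)\b(server|data source|host)=.+;.*(password|pwd)="),
    "credential keyword": re.compile(r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[=:]"),
    "private key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def decode_candidate(token):
    """Return the decoded text if token is Base64 of readable text, else None."""
    normalized = token.rstrip("=").replace("-", "+").replace("_", "/")
    normalized += "=" * (-len(normalized) % 4)
    try:
        text = base64.b64decode(normalized, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None  # not valid Base64, or binary content
    printable = sum(c.isprintable() or c in "\r\n\t" for c in text)
    if not text or printable / len(text) < 0.9:
        return None
    return text

def review_response(body):
    """List every decodable Base64 string in body with the sensitive patterns it matches."""
    findings = []
    for match in CANDIDATE.finditer(body):
        text = decode_candidate(match.group())
        if text is not None:
            labels = [name for name, rx in SENSITIVE.items() if rx.search(text)]
            findings.append({"offset": match.start(), "decoded": text, "labels": labels})
    return findings

# Constructed sample response body (not from a real application).
_CFG = base64.b64encode(b"Server=db01;Database=app;User Id=svc;Password=example").decode()
_MSG = base64.b64encode(b"hello world, nothing to see").decode()
SAMPLE_BODY = '{"cfg":"%s","greeting":"%s","id":"12345"}' % (_CFG, _MSG)

if __name__ == "__main__":
    for f in review_response(SAMPLE_BODY):
        print(f["offset"], f["labels"] or "review manually", repr(f["decoded"]))
```

Findings with no label still decode to readable text and should be examined manually, as the first remediation step says.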
About
Base64 Disclosure occurs when applications include Base64 encoded data in HTTP responses that may contain sensitive information. Base64 is an encoding, not encryption: it obscures the data without protecting it, so developers may not realize that sensitive values are being exposed to clients.
Risks
Medium: Base64 encoded data may contain sensitive information such as database connection strings, API keys, internal system details, or user data that could be exploited by attackers for further system compromise.