This article is a part of our Web Security Knowledge Base.

Why “Hash Disclosure - Mac OSX salted SHA-1” can be dangerous

Hash disclosure means that a hashed version of a password may be publicly available somewhere on your website. Because some hashing algorithms that are no longer considered secure (such as SHA-1) may still be in use, this can pose a risk to your application.

How to fix “Hash Disclosure - Mac OSX salted SHA-1”

Make sure that no hashes are available in the response body.

How does ScanRepeat report “Hash Disclosure - Mac OSX salted SHA-1”?

ScanRepeat looks for any occurrences of hashes included in the response body and reports the exact URL, so these can be manually reviewed and removed.
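A check of this kind can also run in your own test suite before release. The sketch below is an added example, not ScanRepeat's code: it assumes the legacy Mac OS X salted SHA-1 layout of a 4-byte salt followed by a 20-byte SHA-1 digest, hex-encoded as 48 characters, and the URLs, response bodies and function names are constructed for illustration.

```python
import hashlib
import re

# Assumption: 4-byte salt + 20-byte SHA-1 digest, hex-encoded (48 characters).
# The lookarounds stop the pattern matching inside longer hex runs (e.g. SHA-256).
CANDIDATE = re.compile(r"(?<![0-9a-f])[0-9a-f]{48}(?![0-9a-f])", re.IGNORECASE)


def make_sample(salt, secret):
    """Build a constructed value in the assumed layout, for test data only."""
    return (salt + hashlib.sha1(salt + secret).digest()).hex().upper()


def find_hash_candidates(url, body):
    """Return one finding per 48-hex-character candidate in a response body."""
    findings = []
    for match in CANDIDATE.finditer(body):
        value = match.group(0)
        # Heuristic: skip low-variety runs such as padding or zeroed fields.
        if len(set(value.lower())) < 6:
            continue
        findings.append({
            "url": url,
            "offset": match.start(),
            # Never copy the full value into a report; keep a short prefix only.
            "redacted": value[:4] + "*" * 44,
        })
    return findings


# Constructed sample responses (hypothetical URLs and content).
SAMPLE_HASH = make_sample(b"\x01\x02\x03\x04", b"constructed-sample")
RESPONSES = {
    "https://app.example/debug/user": '{"name":"alice","shadow":"%s"}' % SAMPLE_HASH,
    "https://app.example/assets/app.js": "integrity=" + hashlib.sha256(b"x").hexdigest(),
    "https://app.example/health": "id=" + "0" * 48,
}


def scan_all(responses):
    """Scan every response body and collect the findings for manual review."""
    return [f for url, body in responses.items()
            for f in find_hash_candidates(url, body)]


if __name__ == "__main__":
    for finding in scan_all(RESPONSES):
        print(finding)
```

Any 48-character hex string matches, so each finding still needs the manual review described above before it is treated as a leaked password hash.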
