This article is a part of our Web Security Knowledge Base
Why “Hash Disclosure - Mac OSX salted SHA-1” can be dangerous
Hash disclosure means that a hashed version of a password may be publicly available somewhere on your website. Because some hashing algorithms that are no longer considered secure (like SHA-1) may still be in use, this can pose a risk to your application.
How to fix “Hash Disclosure - Mac OSX salted SHA-1”
Make sure that no hashes are available in the response body.
How does ScanRepeat report “Hash Disclosure - Mac OSX salted SHA-1”
ScanRepeat looks for any occurrences of hashes included in the response body and reports the exact URL, so these can be manually reviewed and removed.
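A check of this kind can also run against your own captured responses before release. The following is an added example, not ScanRepeat's own rule: it assumes the Mac OS X salted SHA-1 layout of 48 hex characters (8 for the salt, 40 for the SHA-1 digest), and the function names and sample body are constructed for illustration.

```python
import hashlib
import re

# Assumption: 8 hex chars of salt (4 bytes) followed by 40 hex chars of SHA-1.
CANDIDATE = re.compile(r"\b[0-9A-Fa-f]{48}\b")


def find_candidates(body, context=30):
    """Return one finding per 48-hex-character token in a response body."""
    findings = []
    for m in CANDIDATE.finditer(body):
        token = m.group(0)
        if len(set(token.lower())) == 1:  # padding such as 000...0, not a hash
            continue
        findings.append({
            "offset": m.start(),
            "salt_hex": token[:8],
            # Redact the digest so the report does not re-disclose it.
            "digest": token[8:12] + "..." + token[-4:],
            "before": body[max(0, m.start() - context):m.start()],
        })
    return findings


def constructed_sample():
    """Build a constructed response body containing one made-up hash."""
    salt = bytes.fromhex("0a1b2c3d")
    digest = hashlib.sha1(salt + b"constructed-password").hexdigest()
    token = (salt.hex() + digest).upper()
    body = (
        "<html><body>\n"
        f"<!-- debug: user=alice hash={token} -->\n"
        f"<script src='app.js' integrity-id='{'ab' * 32}'></script>\n"  # 64 hex
        f"<input name='pad' value='{'0' * 48}'>\n"
        "</body></html>\n"
    )
    return body, token


if __name__ == "__main__":
    body, _ = constructed_sample()
    for finding in find_candidates(body):
        print(finding)
```

Only the 48-character token in the debug comment is reported; the 64-character value and the all-zero padding are ignored. Each finding still needs manual review, since any 48-character hex string matches.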