Base64-encoded data in parameter
Description: Base64-encoded data in parameter
Applications sometimes Base64-encode parameters in an attempt to obfuscate them from users or facilitate transport of binary data. The presence of Base64-encoded data may indicate security-sensitive information or functionality that is worthy of further investigation. The data should be reviewed to determine whether it contains any interesting information, or provides any additional entry points for malicious input.
- CWE-310: Cryptographic Issues
- CWE-311: Missing Encryption of Sensitive Data
- CAPEC-37: Retrieve Embedded Sensitive Data