
Netsparker identified an RSA private key in the web site.

When you try to log in to a secure server, the client application uses a digital signature to prove that you hold the private key; the server checks that the signature is valid and that the public key is authorized for your username. If all is well, you are granted access.


When the private key is not protected with a passphrase, anybody who steals the key can log into everything you have access to.

Even if it is protected with a passphrase, an attacker can try a huge number of possible passphrases with only moderate computing resources. If your passphrase is a dictionary word, it can probably be broken in a matter of seconds.

  • Remove this kind of sensitive data from the output.
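
One way to check response bodies or build output for this finding, and to separate the unprotected case from the passphrase-protected one described above. This is an added example, not Netsparker's detection logic; the names `find_private_keys`, `openssh_cipher` and `SAMPLE` are assumptions, and it goes beyond the RSA case to cover PKCS#8 and OpenSSH key blocks.

```python
import base64
import re
import struct

# PEM private-key blocks: PKCS#1 (RSA), PKCS#8 (plain or encrypted), OpenSSH.
PEM_RE = re.compile(
    r"-----BEGIN ((?:RSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----\r?\n"
    r"(.*?)-----END \1-----", re.DOTALL)
MAGIC = b"openssh-key-v1\x00"

def openssh_cipher(body):
    """Return the cipher name stored in an openssh-key-v1 blob, or None."""
    try:
        blob = base64.b64decode("".join(body.split()))
    except ValueError:
        return None
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        return None
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n].decode("ascii", "replace")

def find_private_keys(text):
    """List each PEM private key in text and whether a passphrase protects it."""
    findings = []
    for m in PEM_RE.finditer(text):
        label, body = m.group(1), m.group(2)
        if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, always encrypted
            protected = True
        elif label == "OPENSSH PRIVATE KEY":      # cipher "none" = no passphrase
            # An unparseable blob is reported as unprotected (worst case).
            protected = openssh_cipher(body) not in (None, "none")
        else:                                     # legacy PEM header marks encryption
            protected = "Proc-Type: 4,ENCRYPTED" in body
        findings.append({"type": label, "passphrase_protected": protected})
    return findings

# Constructed sample response body; the base64 is filler, not key material.
FILLER = "Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==\n"
SAMPLE = (
    "<pre>-----BEGIN RSA PRIVATE KEY-----\n" + FILLER +
    "-----END RSA PRIVATE KEY-----</pre>\n"
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n" + FILLER +
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    print(find_private_keys(SAMPLE))
```

Any finding is a reason to remove the key from the output and replace it; `passphrase_protected` only indicates how exposed the key already is.
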
CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N