Burp Suite User Forum

Password Exposed in Dashboard

Tim | Last updated: Mar 24, 2020 03:28PM UTC

I noticed in a recent class that Burp Pro 2020.2.1 plainly displays the clear text password in the dashboard while an authenticated crawl is running. I can't imagine that this isn't a bug, because it doesn't make sense in the context of our previous conversations about the password not being shown in the scan configuration interface, so just wanted to let you know that it is happening. To make sure that it wasn't just a coincidence of the word "password" I tested it with random passwords as well and saw the cleartext password there each and every time. While I would still like to be able to see the password I'm typing into the Scan Configuration, there is literally no reason for me to have my password told to me in the dashboard of a scan.

Uthman, PortSwigger Agent | Last updated: Mar 25, 2020 08:28AM UTC

Can you send us further information to support@portswigger.net? Please send diagnostics and some screenshots (feel free to obfuscate any sensitive data i.e. the password).
