ZAP Proxy is showing a PII Disclosure vulnerability, but it seems to be a crazy ZAP Proxy false positive, don’t you agree? Thanks.
Hi @pchamorro,
That’s a false positive. ZAP proxy thinks our CSRF token is a bank ID.
These analysis/testing tools generally need their reports to be vetted for basic quality – they generate a lot of false positives.
Regards,
Alec Smecher
Public Knowledge Project Team
Thank you very much.