Running Insecure Cryptographic Storage

This is a post-exploit test that tries to access and identify sensitive information in the web application's database. If there is a SQL agent for a target, you can test this risk in the following ways:

  • Local Information Gathering: The WebApps Local Information Gathering RPT step will automatically attempt to locate sensitive data in the database.
  • Check for Sensitive Information module: If you want to test for this risk manually, make sure you have a SQL agent on the target page(s) and then run the module called Check for Sensitive Information.

    Check for Sensitive Information Module
