Secure Data Exposed
The Secure Data Exposed analyzer detects when a secret field from a data format is being written to a UI element on a page that doesn't require authentication.
Fields marked as secret in your data format (for example, a password or token field) should never be exposed on public pages. If your action writes such a field to a UI element and that element lives on a page accessible without logging in, this analyzer will flag it.
How to fix it
You have two options:
- Mark the page that displays this data as authenticated access only, so only logged-in users can see it.
- Remove the secret field from the data being written to the UI element.
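The rule and both fixes can be modelled in a few lines. This is an added example, not the analyzer's own code: the `Write` record, the set-based app model and all sample names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical app model; these names are assumptions, not the product's schema.
@dataclass(frozen=True)
class Write:
    action: str       # action performing the write
    data_format: str  # data format the value comes from
    field: str        # field being written
    element: str      # target UI element
    page: str         # page that owns the element

def find_exposures(secret_fields, authenticated_pages, writes):
    """Return every write that puts a secret field on a page without authentication.

    secret_fields: set of (data_format, field) pairs marked as secret
    authenticated_pages: set of page names that require login
    A page missing from authenticated_pages is treated as public, so an
    unknown or misspelled page name is flagged rather than silently trusted.
    """
    return [
        w for w in writes
        if (w.data_format, w.field) in secret_fields
        and w.page not in authenticated_pages
    ]

def fix_by_authenticating(authenticated_pages, finding):
    """Fix option 1: require login on the page that shows the data."""
    return authenticated_pages | {finding.page}

def fix_by_removing(writes, finding):
    """Fix option 2: stop writing the secret field to the UI element."""
    return [w for w in writes if w != finding]

# Constructed sample app: one secret write lands on a public page.
SECRETS = {("User", "password"), ("User", "api_token")}
AUTH_PAGES = {"Account"}
WRITES = [
    Write("ShowProfile", "User", "name", "lblName", "PublicProfile"),
    Write("ShowProfile", "User", "api_token", "lblToken", "PublicProfile"),
    Write("ShowAccount", "User", "api_token", "lblToken", "Account"),
]

if __name__ == "__main__":
    for f in find_exposures(SECRETS, AUTH_PAGES, WRITES):
        print(f"{f.action}: {f.data_format}.{f.field} -> {f.element} "
              f"on public page {f.page}")
```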
Severity
Major/Bug - exposing secret fields on public pages is a security risk.