Our security auditor identified temporary passwords being logged by Nginx.
Is there a way to remove it? Does it pose any risk?
[30/Jun/2024:10:36:13 +0300] "GET /pun/sys/dashboard/noVNC-1.3.0/app/sounds/bell.oga HTTP/1.1" 206 8495 "https://server.X.X./pun/sys/dashboard/noVNC-1.3.0/vnc.html?autoconnect=true&path=rnode%2Fserver.X.X%2F64083%2Fwebsockify&resize=remote&password=nkpDvxxq&compression=0&quality=9&commit=Launch+Desktop" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" "X.X.X.X"

Hi and welcome.

Unfortunately, there's no way to disable that. It is, however, a 1 time use password. As soon as we generate and use it, we generate the next password. So even if someone were to capture it, it's not valid anymore by that time.
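
For sites that still want the value out of archived or forwarded logs, the following added example (not part of the thread and not the project's own code) masks the `password=` query parameter in access-log lines of the format shown above, in both the request line and the Referer field. The `passwd` and `token` keys, the function names and the sample lines are assumptions made for illustration.

```python
import re
import sys

# Query keys to mask. "password" is the key in the noVNC URL above; the other
# two are assumptions added for illustration.
SENSITIVE_KEYS = ("password", "passwd", "token")
MASK = "[REDACTED]"

_KEYS = "|".join(map(re.escape, SENSITIVE_KEYS))
# A sensitive key directly after ? or & (plain or percent-encoded), then its
# value up to the next &, %26, whitespace or quote (straight or curly).
_PARAM_RE = re.compile(
    r"((?:[?&]|%3F|%26)(?:" + _KEYS + r")(?:=|%3D))"
    r"((?:(?!%26)[^&\s\"\u201c\u201d])*)",
    re.IGNORECASE,
)


def redact(line):
    """Return (masked_line, hits) for one access-log line."""
    return _PARAM_RE.subn(lambda m: m.group(1) + MASK, line)


def scrub(lines):
    """Mask every line; return (clean_lines, numbers of lines that had hits)."""
    clean, flagged = [], []
    for number, line in enumerate(lines, start=1):
        masked, hits = redact(line)
        clean.append(masked)
        if hits:
            flagged.append(number)
    return clean, flagged


# Constructed sample lines in the format shown above (host and values made up).
SAMPLE = [
    '[30/Jun/2024:10:36:13 +0300] "GET /pun/sys/dashboard/noVNC-1.3.0/app/sounds/bell.oga HTTP/1.1" 206 8495 '
    '"https://ood.example.org/pun/sys/dashboard/noVNC-1.3.0/vnc.html?autoconnect=true&password=Constr01&compression=0" '
    '"Mozilla/5.0" "192.0.2.10"',
    '[30/Jun/2024:10:36:12 +0300] "GET /pun/sys/dashboard/noVNC-1.3.0/vnc.html?password=Constr02 HTTP/1.1" 200 1234 '
    '"-" "Mozilla/5.0" "192.0.2.10"',
    '[30/Jun/2024:10:36:11 +0300] "GET /pun/sys/dashboard HTTP/1.1" 200 512 "-" "Mozilla/5.0" "192.0.2.10"',
]

if __name__ == "__main__":
    # Filter mode: read log lines on stdin, write masked lines to stdout.
    clean, flagged = scrub(sys.stdin)
    sys.stdout.writelines(clean)
    print("lines with masked values:", flagged, file=sys.stderr)
```

Run as a filter over a copy of the log (stdin to stdout); the line numbers reported on stderr show where a value was masked.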