Business information leak - Token
Description
Some of the information of the user like the username/email and full name is included in the data contained in the session token.
Impact
Obtain name and emails of users.
Recommendation
Avoid to include sensitive user information in the session token.
Threat
External attacker with access to tokens.
Expected Remediation Time
⏱️ 60 minutes.