logo

Database

Business information leak - Personal Information

Description

Real user information such as real ID numbers and phone numbers are being stored in the source code.

Impact

Obtain personal information from the user of the application in order to use it in different attacks such as social engineering, among others.

Recommendation

Personal information should not be exposed in the source code, and in case it is necessary, the data used should not correspond to reality.

Threat

Attacker with access to the applications source code.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

176 - Restrict system objects177 - Avoid caching and temporary files180 - Use mock data261 - Avoid exposing sensitive information300 - Mask sensitive data

Fixes

CsharpDartElixirGoJavaPythonScalaTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

H

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

L

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N