254 – Automatic information enumeration - Credit Cards

Description

It is possible to automatically list credit card information, as the expiration date and security code are not validated.

Impact

List credit cards in payments.

Recommendation

Filter the information received for payments.

Threat

Attacker with access to the application from the Internet.

Expected Remediation Time

120 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): H
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 237 - Ascertain human interaction
• 266 - Disable insecure functionalities
• 327 - Set a rate limit

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/18