361 – Missing secure obfuscation - JavaScript
Description
It is possible to obtain source code from the application since it has only been partially obfuscated in a secure way. This could allow an attacker to understand the inner workings of the application.
Impact
- Understand the operation of the application in order to increase the attack vector. - Identify validations performed by the front end.
Recommendation
Perform an obfuscation process to the code exposed in web applications.
Threat
Unauthorized user from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P