Day 39: Read about Information Disclosure Vulnerabilities
1. What is information disclosure?
-> Information disclosure refers to the release or exposure of sensitive or confidential information to unauthorized individuals,
entities or systems.
-> It's also known as information leakage.
2. Examples of information disclosure?
-> Revealing the names of hidden directories
-> Database table or column names in error messages
-> Exposing credit card details
-> Hard-coding API keys, IP addresses
-> Sensitive information in source code
-> Source code via backup files
3. How do these vulnerabilities arise?
-> Insecure configuration
-> Failure to remove internal content from public content
-> Insufficient security controls
-> Flawed design
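
A pre-deployment check for three of the items above (backup files left in the web root, hard-coded keys, internal IP addresses), as an added example that is not part of the original notes. The suffix list, the regex rules, and the names `scan_webroot` and `demo` are assumptions chosen for illustration; the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Filename suffixes that editors and ad-hoc backups leave behind (assumed list).
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".swp", "~")

# Assumed content rules: a generic key assignment and RFC 1918 addresses.
CONTENT_RULES = {
    "hard-coded key": re.compile(
        r"(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*['\"][A-Za-z0-9_\-]{16,}['\"]"),
    "internal IP": re.compile(
        r"\b(10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}"
        r"|172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"),
}

def scan_webroot(root):
    """Return sorted (relative_path, line_no, finding) tuples for files under root."""
    findings = []
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # A backup copy is served as plain text, so the source itself leaks.
        if path.name.endswith(BACKUP_SUFFIXES):
            findings.append((rel, 0, "backup file"))
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        for no, line in enumerate(text.splitlines(), 1):
            for label, rx in CONTENT_RULES.items():
                if rx.search(line):
                    findings.append((rel, no, label))
    return sorted(findings)

def demo():
    """Build a constructed sample web root and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (root / "config.php.bak").write_text(
            "<?php\n$api_key = 'CONSTRUCTED0123456789abcdef';\n$db = '10.0.4.17';\n")
        (root / "js").mkdir()
        (root / "js" / "app.js").write_text("fetch('/api/items');\n")
        return scan_webroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run against a build output directory before publishing; a line number of 0 marks a finding on the file name rather than on a line.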
4. Impact of these vulnerabilities?
-> Information disclosure vulnerabilities can have both a direct and an indirect impact, depending on the purpose of the website.
-> For example, an online shop leaking its customers' credit card details is likely to have a critical impact.
-> On the other hand, leaking technical information, such as the directory structure or which third-party frameworks are being used,
may have little to no direct impact.