Credit Card number disclosure

OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.3 OWASP PC-C7 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WASC-13 WSTG-ATHN-06

A credit card is a payment card issued to users to enable the cardholder to pay a merchant. There are servers that disclose the Credit Card number of the users. Displaying the whole 16 digits credit card number is disclosing of sensitive information. This is strictly forbidden to secure cardholder’s money. On the internet, a user uses his credit card to perform online purchases. An attacker will use different ways to compromise the credit card details from the users. If the attacker is successful in getting the credit card number, he can buy products from the internet using his number.


Using this vulnerability, an attacker can:-

  • access information about a user using the credit card number. This situation is a loss of personal data.
  • make unauthorised purchases. This Compromises the security of the user.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Try not to expose the Credit card numbers on the application’s website.

Latest Articles