Credit Card number disclosure

A credit card is a payment card issued to users to enable the cardholder to pay a merchant. There are servers that disclose the Credit Card number of the users. Displaying the whole 16 digits credit card number is disclosing of sensitive information. This is strictly forbidden to secure cardholder’s money. On the internet, a user uses his credit card to perform online purchases. An attacker will use different ways to compromise the credit card details from the users. If the attacker is successful in getting the credit card number, he can buy products from the internet using his number.

Impact

Using this vulnerability, an attacker can:-

• access information about a user using the credit card number. This situation is a loss of personal data.
• make unauthorised purchases. This Compromises the security of the user.

Mitigation / Precaution

Beagle recommends the following fixes:-

• Try not to expose the Credit card numbers on the application’s website.