Credit Card number disclosure

OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C7 PCI v3.2-PC-C7 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WSTG-ATHN-06 WASC-13

A credit card is a payment card issued to a user so that the cardholder can pay a merchant. Some servers disclose their users' credit card numbers. Displaying the whole 16-digit credit card number is a disclosure of sensitive information and is strictly forbidden, in order to protect the cardholder's money. Users pay for online purchases with their credit cards, and attackers use different ways to compromise users' credit card details. An attacker who succeeds in getting a credit card number can use that number to buy products on the internet.

Impact

Using this vulnerability, an attacker can:

  • access information about a user by using the credit card number. This is a loss of personal data.
  • make unauthorised purchases. This compromises the security of the user.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Try not to expose credit card numbers on the application’s website.
