Information leakage using meta tag

OWASP 2013-A6 OWASP 2017-A3 CWE-200 WSTG-INFO-05 WASC-13

The meta tag is employed to provide additional information. In this page comments and metadata are included in the HTML code that might reveal internal information that should not be available to potential attackers. Comments and metadata review ought to be done in order to determine if any data is being leaked. Tags should not be considered the primary mechanism, rather a complementary control to document link.

Impact

The impact include:-

  • Huge data breach
  • Possible manipulation of your sensitive information

Mitigation / Precaution

Beagle recommends the following:-

  • Make sure the metadata and comments do not leak any internal information.

Latest Articles