Private IP Disclosure

By
Anandhu Krishnan
Published on
14 May 2024
Vulnerability

Description

A private IP address or an Amazon EC2 private hostname has been inadvertently disclosed, potentially facilitating further attacks on internal systems.

Recommendation

To mitigate this issue, ensure that all private IP addresses are removed from HTTP response bodies. For comments within code, use language-specific syntax (e.g., JSP/ASP/PHP) rather than HTML/JavaScript comments that can be accessed by clients.


Written by
Anandhu Krishnan
Anandhu Krishnan
Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days