Credit Card Disclosure in HTML

Medium severity, Nessus Plugin ID 122648

Synopsis

The web application displays plaintext credit card information.

Description

The remote web application displays plaintext credit card information without the appropriate masking.

Solution

Full credit card numbers should not be displayed. Partial credit card numbers must be appropriately masked.

Plugin Details

Severity: Medium

ID: 122648

File Name: credit_card_display.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 3/6/2019

Updated: 3/7/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Information disclosure score

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport, Settings/enable_web_app_tests