Disclosed Hong Kong Identity Number

medium Web App Scanning Plugin ID 113943

Synopsis

Disclosed Hong Kong Identity Number

Description

A Hong Kong Identity Number (HKID number) is a personally identifiable number that is allocated during the issuance of a Hong Kong Identity Card. A stolen or leaked HKID number can lead to the compromise and/or theft of the affected individual's identity. WAS has discovered an HKID number located within the response of the affected page.

Solution

Initially, the identified HKID number within the response should be checked to ensure its validity, as it is possible that it has been detected on data with no relation to a real HKID number due to the wide variety of data formats present within HTML content. If the response does contain a valid HKID number, then all efforts should be taken to remove or further protect this information. This can be achieved by removing the HKID number altogether, or by masking the number so that only a few digits are present within the response (e.g. _*****123*****_).
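One way to carry out the validity check and masking described above, as an added example that is not Tenable's plugin code. It assumes the publicly documented HKID check-digit scheme (weights 9 down to 1, total divisible by 11); the function names, the masking layout and the sample response body are constructed for illustration.

```python
import re

# Candidate: 1-2 letters, 6 digits, check character (0-9 or A), parentheses optional.
HKID_RE = re.compile(
    r"(?<![A-Za-z0-9])([A-Za-z]{1,2})(\d{6})\(?([0-9Aa])\)?(?![A-Za-z0-9])"
)

def _value(ch):
    """Digits map to 0..9, letters to 10..35, the padding space to 36."""
    if ch == " ":
        return 36
    return int(ch) if ch.isdigit() else ord(ch.upper()) - ord("A") + 10

def hkid_is_valid(prefix, digits, check):
    """True when the weighted sum, including the check character, is 0 mod 11."""
    chars = prefix.upper().rjust(2) + digits      # one-letter prefix is space-padded
    total = sum(_value(c) * w for c, w in zip(chars, range(9, 1, -1)))
    check_value = 10 if check.upper() == "A" else int(check)
    return (total + check_value) % 11 == 0

def mask(prefix, digits):
    """Assumed masking layout: keep only the first three digits."""
    return "*" * len(prefix) + digits[:3] + "***(*)"

def triage(body):
    """List (masked candidate, checksum_ok) so findings can be reviewed safely."""
    return [(mask(p, d), hkid_is_valid(p, d, c)) for p, d, c in HKID_RE.findall(body)]

def redact(body):
    """Mask checksum-valid HKID numbers; leave look-alike strings untouched."""
    def repl(m):
        p, d, c = m.groups()
        return mask(p, d) if hkid_is_valid(p, d, c) else m.group(0)
    return HKID_RE.sub(repl, body)

# Constructed response body: two checksum-valid test values and one look-alike SKU.
SAMPLE = "<td>A123456(3)</td><td>AB987654(3)</td><span>SKU CD123456(7)</span>"

if __name__ == "__main__":
    for masked, ok in triage(SAMPLE):
        print(masked, "valid checksum" if ok else "likely false positive")
    print(redact(SAMPLE))
```

A passing checksum only shows that the string is well formed, not that it belongs to a real card holder, so a match still needs review in the context of the page that returned it.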

See Also

https://en.wikipedia.org/wiki/Hong_Kong_identity_card

https://www.ogcio.gov.hk/en/our_work/infrastructure/e_government/if/common_schemas/hkid_number/index.html

Plugin Details

Severity: Medium

ID: 113943

Type: remote

Published: 6/20/2023

Updated: 6/20/2023

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Reference Information