Leaking authentication
Description
The server's response disclosed too much information about the user base.
Remediation
Ensure that messages are neutral and do not disclose information about the user base.
Configuration
Identifier: information_disclosure/leaking_authentication
Examples
Ignore this check
checks:
  information_disclosure/leaking_authentication:
    skip: true
Score
- Escape Severity: MEDIUM
Compliance
OWASP: API7:2023
PCI: 8.2.1
GDPR: Article-32
SOC2: CC6
PSD2: Article-95
ISO27001: A.18.1
NIST: SP800-53
FedRAMP: AC-6
Classification
- CWE: 200
Score
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
- CVSS_SCORE: 7.2