External Behavior

Overview of the Vulnerability

Behavior external to the application is leaking sensitive user information because system or browser features are misconfigured. A local attacker can take advantage of this external behavior to gather sensitive user information and impersonate a user or make requests on their behalf.

Business Impact

This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact on customers’ trust.

Steps to Reproduce

  1. Use a browser to navigate to: {{URL}}

  2. Use {{software}} to profile the external behavior that is showing sensitive user information

Proof of Concept (PoC)

The screenshots below demonstrate the misconfigured external behavior:

{{screenshot}}

Recommendation(s)

It is important to thoroughly test the application for leakage of sensitive information across multiple devices, browsers, and environments within a well-documented Software Development Lifecycle (SDLC).
