WebApp Sec mailing list archives
Re: Social Security Number in Hidden field
From: Robin Wood <robin@digi.ninja>
Date: Sun, 23 Nov 2014 22:28:50 +0000
Is there any reason for the SSN being included in the page? Is it used, i.e. can it be edited on the page? If not it shouldn't be there by the sound of it. Robin On 23 November 2014 at 20:12, Jyotiranjan Acharya <jyotiranjan121 () gmail com> wrote:
Hello, There is an application which is present in an intranet. When, the Admin of the application loads the user information page, a field called SSN appears. It shows ###-##-####. But the actual SSN remains in a hidden field. Do you think there should be a security issue with this ? Regards Jyoti This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Social Security Number in Hidden field Jyotiranjan Acharya (Nov 23)
- Re: Social Security Number in Hidden field Robin Wood (Nov 23)
- Re: Social Security Number in Hidden field snipe (Nov 23)
- Re: Social Security Number in Hidden field Abhay Rana (Nov 23)
- Re: Social Security Number in Hidden field Lorne Kates (Nov 23)
- Re: Social Security Number in Hidden field Antti Virtanen (Nov 24)
- RE: Social Security Number in Hidden field Jeffory Atkinson (Nov 24)
- RE: [EXT] RE: Social Security Number in Hidden field Hambleton, Robert F (Nov 24)
- Re: Social Security Number in Hidden field snipe (Nov 23)
- Re: Social Security Number in Hidden field Robin Wood (Nov 23)