Potential Sensitive Data Disclosure - Vulnerability Database

Potential Sensitive Data Disclosure

Description

The application's API endpoints are exposing sensitive data fields, including Personally Identifiable Information (PII), in their responses. This finding indicates that data classification and handling practices may need review to ensure sensitive information is only transmitted when necessary and properly protected. While not a vulnerability itself, this creates an expanded attack surface that could amplify the severity of other security issues.

Remediation

Review all identified API endpoints and implement the following data protection measures:

1. Apply the principle of least privilege: Only return sensitive data fields when absolutely necessary for the application's functionality. Remove PII from responses where it is not required.

2. Implement field-level access controls: Filter response data based on user roles and permissions. Example implementation:

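// Filter sensitive fields based on user permissions
function filterSensitiveData(data, userRole) {
  const sensitiveFields = ['ssn', 'dateOfBirth', 'phoneNumber'];
  // Work on a shallow copy so the caller's object (e.g. a cached record) is not mutated
  const filtered = { ...data };

  // Every role other than admin has the sensitive fields removed
  if (userRole !== 'admin') {
    sensitiveFields.forEach(field => delete filtered[field]);
  }
  return filtered;
}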

3. Use data masking or redaction: When sensitive data must be displayed, consider partial masking (e.g., showing only last 4 digits of phone numbers).

4. Conduct a data classification audit: Document which endpoints handle sensitive data and ensure appropriate security controls (encryption in transit via TLS, logging restrictions, rate limiting) are applied.

5. Review and strengthen related security controls: Given the presence of sensitive data, prioritize remediation of any authentication, authorization, or injection vulnerabilities that could expose these endpoints to unauthorized access.
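
The following is an added example, not code from the original page. It combines steps 1 to 3 using a per-role allowlist instead of the denylist shown in step 2, so a field added to the record later is withheld by default. The role names, field names, `RESPONSE_POLICY`, `maskTail`, `serializeForRole` and the sample record are all assumptions made for illustration.

```javascript
// Added example. Roles, field names and the sample record are constructed.
// Each role lists the fields it may receive; anything not listed is dropped.
const RESPONSE_POLICY = {
  admin:   { id: 'show', name: 'show', phoneNumber: 'show', dateOfBirth: 'show', ssn: 'mask' },
  support: { id: 'show', name: 'show', phoneNumber: 'mask' },
  user:    { id: 'show', name: 'show' },
};

// Replace all but the last `visible` letters/digits with '*', keeping separators.
// Values too short to mask partially are masked completely.
function maskTail(value, visible = 4) {
  const text = String(value);
  const total = (text.match(/[A-Za-z0-9]/g) || []).length;
  let toMask = total > visible ? total - visible : total;
  return text.replace(/[A-Za-z0-9]/g, ch => (toMask-- > 0 ? '*' : ch));
}

// Build the response object from the allowlist, never by deleting from the record.
function serializeForRole(record, role) {
  const known = Object.prototype.hasOwnProperty.call(RESPONSE_POLICY, role);
  const rules = known ? RESPONSE_POLICY[role] : {}; // unknown role gets no fields
  const out = {};
  for (const [field, rule] of Object.entries(rules)) {
    const value = record[field];
    if (value === undefined || value === null) continue;
    out[field] = rule === 'mask' ? maskTail(value) : value;
  }
  return out;
}

// Constructed record, including a field added after the policy was written.
const sampleRecord = {
  id: 42, name: 'Ana Example', phoneNumber: '555-867-5309',
  dateOfBirth: '1990-01-31', ssn: '000-12-3456', internalNotes: 'chargeback flagged',
};

console.log(serializeForRole(sampleRecord, 'support'));
console.log(serializeForRole(sampleRecord, 'admin'));
console.log(serializeForRole(sampleRecord, 'guest'));
```

With the denylist from step 2, `internalNotes` would reach every role until someone remembered to list it; here it reaches none until a role is explicitly granted it.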
