Home / Vulnerabilities / Information / Credit Card Disclosure

Credit Card Disclosure

Severity: Information

Summary#

Invicti identified a possible credit card number disclosure.

Impact#

It is not mandatory for a merchant to require the security code for making a transaction, hence the card is still prone to fraud even if only its number is known to phishers.

Remediation#

We strongly advise you not to expose credit card numbers on your website.

Classifications#

OWASP 2017-A3, CAPEC-118, ISO27001-A.18.1.4, PCI v3.2-6.5.3, WASC-13, OWASP 2013-A6, CWE-213

PCI Compliance - The Good, The Bad, and The Insecure
The Dark Web: Black Market Websites, Script Kiddies, Hacking and more...
Insecure Direct Object References (IDOR) Vulnerability References
PCI Compliance - The Good, The Bad, and The Insecure - Part 2

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works

Related Articles

Build your resistance to threats. And save hundreds of hours each month.