Summary #

Invicti identified an Email Address Disclosure.

Impact #
Email addresses discovered within the application can be used by both spam email engines and also brute-force tools. Furthermore, valid email addresses may lead to social engineering attacks.
Remediation #
Use generic email addresses such as contact@ or info@ for general communications and remove user/people-specific email addresses from the website; should this be required, use submission forms for this purpose.
Classifications #
CAPEC-118; CWE-200; ISO27001-A.9.4.1; WASC-13; OWASP PC-C7 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities


Search Vulnerability


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo