- Status: Closed
- Assigned To: cbay - Private
- Attached to Project: Security vulnerabilities
- Opened by igr1s99 - 04.03.2025
- Last edited by cbay - 04.03.2025
FS#133 - Sensitive data exposure
A PDF file containing bank account details and sensitive codes is publicly accessible without authentication. This exposure poses a high risk as it could lead to financial fraud, identity theft, or unauthorized transactions.
Steps To Reproduce:
- Locate the exposed PDF file: access the file directly via the URL: https://share.alwaysdata.com/IBAN.pdf, https://static.alwaysdata.com/docs/IBAN.pdf. No authentication is required to view the PDF.
- Confirm sensitive data exposure: open the PDF and verify that it contains:
  - Bank account number
  - Sensitive codes
  - BIC (Bank Identifier Code)
Impact:
🔴 Severity: High
- Financial Risk: Attackers could misuse exposed bank details for fraudulent transactions or identity theft.
- Compliance Violation: The exposure may violate GDPR, PCI DSS, and financial security policies.
- Reputation Damage: If exploited, this could lead to customer trust loss and regulatory fines.
Recommendation:
- Restrict Access: Implement authentication & access control for sensitive files.
- Disable Directory Listing: Prevent public file browsing on the server.
- Remove Exposed Files: Securely delete or relocate sensitive PDFs.
- Use Robots.txt & No-Index Headers: Prevent search engines from indexing sensitive documents.
Supporting Material/References:
Exposed URL: https://share.alwaysdata.com/IBAN.pdf, https://static.alwaysdata.com/docs/IBAN.pdf
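The four recommendations above, expressed as one nginx server block. This is an added example, not configuration from the report, from alwaysdata, or from the tracker; the hostname, document root, realm name and htpasswd path are placeholders, and nothing is known here about the web server the reported hosts actually run.

```nginx
# Added example: a hypothetical nginx server block applying the report's
# recommendations to a /docs/ path. All names and paths are placeholders.

server {
    listen 443 ssl;
    server_name static.example.test;    # placeholder, not the reported host
    root /srv/www/static;               # placeholder document root

    # "Disable Directory Listing": the weak setting is "autoindex on;",
    # which renders a browsable index for any directory lacking an index
    # file. Keep it off so a request for /docs/ cannot enumerate files.
    autoindex off;

    location /docs/ {
        # "Use Robots.txt & No-Index Headers": the X-Robots-Tag header tells
        # crawlers not to index or follow anything under /docs/, including
        # binary files such as PDFs that cannot carry a <meta> tag.
        # "always" keeps the header on 401/403/404 responses as well.
        add_header X-Robots-Tag "noindex, nofollow" always;

        # "Restrict Access": every file under /docs/ now requires
        # credentials. This is the control that actually closes the
        # exposure; the robots directives only reduce discoverability.
        auth_basic           "Restricted documents";          # placeholder realm
        auth_basic_user_file /etc/nginx/htpasswd-docs;        # placeholder path
    }

    # robots.txt is served from the document root. A matching file would
    # contain, for example:
    #   User-agent: *
    #   Disallow: /docs/
    # Note that a Disallow line is advisory and also advertises the path,
    # so it never substitutes for the auth_basic block above.
    location = /robots.txt {
        add_header Cache-Control "max-age=3600";
    }
}
```

"Remove Exposed Files" is not a server directive: the document must be deleted or moved out of the document root, after which the old URL returns 404 on its own. Since a file that was public may already sit in search-engine and proxy caches, a practitioner would treat the removal as containment and the IBAN or codes it contained as disclosed, and would then request removal of cached copies from the search engines that indexed the URL.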