
Task #129 (Closed): Sensitive Personal and Financial Data Exposure via Web ...
Opened by: jignesh01

Task Description

Description:
The invoice issued by AlwaysData contains sensitive personal and financial information, which is publicly accessible through a web archive. This includes:

Personal details of the customer (Name: Simon Amour, Email: simondiligues@outlook.com).
Banking information such as the IBAN and BIC codes.
The invoice total and payment details.

Steps to Reproduce:
1. Access the archived invoice at: https://web.archive.org/web/20220713065916/https://admin.alwaysdata.com/billing/337102/pdf/?user_id=150041&token=1657692793-a13e927142b2d5d7f427

2. View the invoice, noting that it contains unredacted sensitive information, such as:
IBAN: FR76 1027 8060 4100 0205 8810 110
BIC: CMCIFR2A
Customer's Full Name: Simon Amour
Customer's Email: simondiligues@outlook.com

3. The invoice is accessible without authentication, allowing any user to view it.

Impact:
This exposure of sensitive financial information could lead to identity theft, fraud, and financial loss. Unauthorized access to such data can also result in reputational damage for both the service provider (AlwaysData) and the customer (Simon Amour).

Suggested Remediation:
Remove the exposed document from the public web archive immediately.
Redact sensitive details such as IBAN, BIC, and personal information from invoices before uploading them to any public platform.
Implement access control mechanisms so that sensitive data is only accessible by authorized users.
Regularly audit publicly accessible data and ensure no personal or sensitive information is exposed.
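The third remediation point (access control) is the one most easily shown in code. The following is an added illustration, not AlwaysData's code and not based on how its billing endpoint actually works: a hypothetical invoice-download handler that requires a logged-in session, checks that the session user owns the invoice, accepts only a short-lived HMAC-signed token bound to that user and invoice, and returns no-store / noarchive headers so a successfully fetched PDF is less likely to be cached or archived. All ids, the secret key and the five-minute TTL are constructed for the example.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed server-side secret for the example; a real deployment loads
# this from a secret store and rotates it.
SECRET_KEY = b"example-secret-do-not-use"

# Hypothetical policy: download links are valid for five minutes only.
TOKEN_TTL_SECONDS = 300

# Response headers that tell caches, crawlers and archivers not to keep
# the document. They are defence in depth, not a substitute for auth.
NO_ARCHIVE_HEADERS = {
    "Cache-Control": "no-store, private",
    "Pragma": "no-cache",
    "X-Robots-Tag": "noindex, noarchive, nofollow",
    "Content-Disposition": 'attachment; filename="invoice.pdf"',
}


def _mac(user_id: int, invoice_id: int, expires: int) -> str:
    """HMAC-SHA256 over user, invoice and expiry so a token cannot be
    reused for another user or invoice, or after it expires."""
    msg = f"{user_id}:{invoice_id}:{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_download_token(user_id: int, invoice_id: int,
                         now: Optional[int] = None) -> str:
    """Create a short-lived token of the form '<expiry>-<hex mac>'."""
    now = int(time.time()) if now is None else now
    expires = now + TOKEN_TTL_SECONDS
    return f"{expires}-{_mac(user_id, invoice_id, expires)}"


@dataclass
class DownloadDecision:
    allowed: bool
    reason: str
    headers: dict = field(default_factory=dict)


def authorize_download(session_user_id: Optional[int], invoice_owner_id: int,
                       invoice_id: int, token: str,
                       now: Optional[int] = None) -> DownloadDecision:
    """Decide whether the PDF may be served. Every check must pass; the
    token alone (as in a URL copied into an archive) is never sufficient."""
    now = int(time.time()) if now is None else now

    # 1. An authenticated session is mandatory.
    if session_user_id is None:
        return DownloadDecision(False, "login required")

    # 2. The session user must own the invoice (object-level authorization).
    if session_user_id != invoice_owner_id:
        return DownloadDecision(False, "not the invoice owner")

    # 3. The token must parse, be unexpired and carry a valid signature.
    try:
        expires_str, mac = token.split("-", 1)
        expires = int(expires_str)
    except ValueError:
        return DownloadDecision(False, "malformed token")
    if now > expires:
        return DownloadDecision(False, "token expired")
    if not hmac.compare_digest(mac, _mac(session_user_id, invoice_id, expires)):
        return DownloadDecision(False, "bad signature")

    return DownloadDecision(True, "ok", dict(NO_ARCHIVE_HEADERS))


if __name__ == "__main__":
    # Constructed ids for the demonstration.
    owner, invoice = 42, 1001
    tok = issue_download_token(owner, invoice, now=1000)
    print(authorize_download(owner, owner, invoice, tok, now=1100).reason)   # ok
    print(authorize_download(None, owner, invoice, tok, now=1100).reason)    # login required
    print(authorize_download(owner, owner, invoice, tok, now=1400).reason)   # token expired
```

The key design point relative to the report is that a leaked or archived URL stops being a complete credential: without the session cookie the request is refused, a different user's session is refused, and even the legitimate owner cannot reuse a link after it expires.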

