
ID: 133
Status: Closed
Summary: Sensitive data exposure
Opened by: igr1s99

Task Description

A PDF file containing bank account details and sensitive codes is publicly accessible without authentication. This exposure poses a high risk as it could lead to financial fraud, identity theft, or unauthorized transactions.

Steps To Reproduce:

  Locate the exposed PDF file:
      Access the file directly via the URLs:
      https://share.alwaysdata.com/IBAN.pdf
      https://static.alwaysdata.com/docs/IBAN.pdf
      No authentication is required to view the PDF.

Confirm sensitive data exposure:

  Open the PDF and verify that it contains:
      Bank account number
      Sensitive codes: BIC (Bank Identifier Code)

Impact:

🔴 Severity: High

  Financial Risk: Attackers could misuse exposed bank details for fraudulent transactions or identity theft.
  Compliance Violation: The exposure may violate GDPR, PCI DSS, and financial security policies.
  Reputation Damage: If exploited, this could lead to customer trust loss and regulatory fines.

Recommendation:

  Restrict Access: Implement authentication & access control for sensitive files.
  Disable Directory Listing: Prevent public file browsing on the server.
  Remove Exposed Files: Securely delete or relocate sensitive PDFs.
  Use Robots.txt & No-Index Headers: Prevent search engines from indexing sensitive documents.

Supporting Material/References:

  Exposed URLs:
      https://share.alwaysdata.com/IBAN.pdf
      https://static.alwaysdata.com/docs/IBAN.pdf
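The report's "Remove Exposed Files" recommendation only works if such files are caught before they reach a public share. As an added example (not part of the report or of any alwaysdata tooling), the pre-publish check below scans text extracted from a document for IBANs, validated with the ISO 13616 mod-97 checksum so that arbitrary uppercase strings are not flagged, and for BIC codes. The sample text and the IBAN and BIC in it are constructed; extracting text from PDFs beforehand is assumed to be handled by a separate tool.

```python
from __future__ import annotations
import re

# Constructed sample, standing in for text extracted from a PDF that is about to be
# published. It is not the content of the file named in the report.
SAMPLE_TEXT = """Payment details
IBAN: GB82 WEST 1234 5698 7654 32 BIC: ABCDGB2LXXX
Reference: INV-2024-0001
"""

# IBAN candidate: country code, two check digits, then 11-30 alphanumerics that may
# be separated by single spaces (documents usually print IBANs in groups of four).
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]){11,30}")
# BIC (ISO 9362): 4-letter bank code, 2-letter country, 2-char location, optional
# 3-char branch. Eight- or eleven-letter uppercase words also match: review hits.
BIC_RE = re.compile(r"\b[A-Z]{6}[A-Z0-9]{2}(?:[A-Z0-9]{3})?\b")


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check on an IBAN with all whitespace removed."""
    if not 15 <= len(iban) <= 34:
        return False
    rearranged = iban[4:] + iban[:4]  # move country code and check digits to the end
    digits = "".join(str(int(c, 36)) for c in rearranged)  # A=10 ... Z=35, digits unchanged
    return int(digits) % 97 == 1


def find_ibans(text: str) -> list[str]:
    found = []
    for m in IBAN_RE.finditer(text):
        cand = re.sub(r"\s", "", m.group())
        # The greedy match can run into the next word ("... 7654 32 BIC"); trim from the
        # right until the checksum passes. A wrong prefix passes about 1 time in 97,
        # which is acceptable for a scanner whose hits a human reviews.
        for end in range(len(cand), 14, -1):
            if iban_is_valid(cand[:end]):
                found.append(cand[:end])
                break
    return found


def find_bics(text: str) -> list[str]:
    return BIC_RE.findall(text)


def scan_text(text: str) -> dict[str, list[str]]:
    """Return the banking identifiers found; a non-empty result should block publishing."""
    return {"ibans": find_ibans(text), "bics": find_bics(text)}
```

Run `scan_text` over the extracted text of every file in a share or static directory as part of the upload or deploy step, and fail the step when either list is non-empty.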