Closed jaleelsyed closed 1 year ago
Message: This issue is manually closed from FX control plane.
Title: Pii Vulnerability on GET:/api/v1/bank-account/{id}
Project: NB 58
Description:
Assertion
Overview: Personally Identifiable Information (PII) is any data that can be used to break the anonymity of an interaction. It is closely tied to privacy and tracking regulations. Examples of PII are government ID numbers, addresses and phone numbers.
Severity: Varies by data exposed
Impact: High Business Impact
Exploitation: Medium
References:
- OWASP Sensitive Data Exposure: https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
Risk: Pii
Severity: Medium
API Endpoint: http://netbanking.apisec.ai:8080/api/v1/bank-account/null
Environment: Master
Playbook: ApiV1BankAccountIdGetPii
Researcher: Default
QUICK TIPS
Suggestion:
Effort Estimate: null Hrs
Wire Logs:
IMPORTANT LINKS
Vulnerability Details: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c041b8fd1254/details
Project: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard
Environment: https://cloud.apisec.ai/#/app/config-environments/projects/8adc80ec84e1cb220184e5f27d494dfb/environmentList
Coverage: https://cloud.apisec.ai/#/app/config-categories/projects/8adc80ec84e1cb220184e5f27d494dfb/categories
PS: Please contact support@apisec.ai for apisec access and login issues.
--- apisec Bot ---
Title: Pii Vulnerability on GET:/api/v1/bank-account/{id}
Project: NB 58
Description:
Assertion
Risk: Pii
Severity: Medium
API Endpoint: http://netbanking.apisec.ai:8080/api/v1/bank-account/null
Environment: Master
Playbook: ApiV1BankAccountIdGetPii
Researcher: [apisec Bot]
QUICK TIPS
Suggestion:
Effort Estimate: null Hrs
Wire Logs:
03:03:23 [D] [ AVBAIGPii] : Endpoint [http://netbanking.apisec.ai:8080/api/v1/bank-account/null]
03:03:23 [D] [ AVBAIGPii] : Method [GET]
03:03:23 [D] [ AVBAIGPii] : Authorization [Default]
03:03:23 [D] [ AVBAIGPii] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization:"Basic *****"]]
03:03:23 [D] [ AVBAIGPii] : Request []
03:03:23 [D] [ AVBAIGPii] : Status code [200]
03:03:23 [D] [ AVBAIGPii] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=NTJkZjg0YTktOWQ2Yi00NTMzLTkzNzItOTc0ZGZmOTY5ZmQ2; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Tue, 17 Jan 2023 15:03:23 GMT"]]
03:03:23 [D] [ AVBAIGPii] : Response [Hidden]. //To view the response set 'showResponse: true' under policies
03:03:23 [D] [ AVBAIGPii] : Response time [204]
03:03:23 [D] [ AVBAIGPii] : Response size [190]
03:03:23 [I] [ AVBAIGPii] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
IMPORTANT LINKS
Vulnerability Details: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c041b8fd1254/details
Project: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard
Environment: https://cloud.apisec.ai/#/app/config-environments/projects/8adc80ec84e1cb220184e5f27d494dfb/environmentList
Scan Dashboard: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/profiles/8adc80eb84e1c98e0184e5f2a02953c6/runs/8adc800d85bef5300185c04170912a01
Playbook: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/playbooks/ApiV1BankAccountIdGetPii
Coverage: https://cloud.apisec.ai/#/app/config-categories/projects/8adc80ec84e1cb220184e5f27d494dfb/categories
Code Sample: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c041b8fd1254/codesamples
PS: Please contact support@apisec.ai for apisec access and login issues.
--- apisec Bot ---
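The wire log in the report above records only a status-code assertion: GET /api/v1/bank-account/null returned 200, so `@StatusCode != 404` passed, and the body that would actually show whether PII came back is hidden. The script below is an added example, not apisec's or the NB 58 project's code. It parses those log records, re-evaluates the assertion so the result can be cross-checked against the `resolved-to` text, and then runs a regex PII scan over a response body. The log lines are copied from this report and split one record per line; the JSON body, the regex set and the function names (`parse_wire_log`, `evaluate_assertion`, `find_pii`, `triage`) are constructed for illustration, since the real response is not on the page.

```python
"""Offline replay of the ApiV1BankAccountIdGetPii check recorded in the report.

Added example, not apisec's code: parses the wire-log records, re-evaluates the
'@StatusCode != 404' assertion as the log reports it, then scans a response
body for PII, the step the log hides behind 'Response [Hidden]'.
"""
import json
import re

# Constructed input: the wire-log records from the report, one per line.
WIRE_LOG = """\
03:03:23 [D] [ AVBAIGPii] : Endpoint [http://netbanking.apisec.ai:8080/api/v1/bank-account/null]
03:03:23 [D] [ AVBAIGPii] : Method [GET]
03:03:23 [D] [ AVBAIGPii] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization:"Basic *****"]]
03:03:23 [D] [ AVBAIGPii] : Status code [200]
03:03:23 [D] [ AVBAIGPii] : Response [Hidden]. //To view the response set 'showResponse: true' under policies
03:03:23 [D] [ AVBAIGPii] : Response size [190]
03:03:23 [I] [ AVBAIGPii] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
"""

# Constructed stand-in for the hidden 190-byte response; the real body is unknown.
SAMPLE_BODY = json.dumps({
    "id": None,
    "accountNumber": "GB29NWBK60161331926819",
    "ownerEmail": "alice@example.com",
    "ownerPhone": "+1 555 0100",
    "taxId": "123-45-6789",
})

# One record: "<time> [<level>] [ <playbook>] : <key> [<value>]".  The value
# group is greedy so the nested brackets of header records survive intact.
RECORD_RE = re.compile(
    r"^\S+ \[(?P<level>[A-Z])\] \[\s*(?P<playbook>\w+)\] : "
    r"(?P<key>[A-Za-z ]+?) \[(?P<value>.*)\]"
)
ASSERTION_RE = re.compile(
    r"Assertion \[(?P<expr>[^\]]+)\] resolved-to \[(?P<resolved>[^\]]+)\] "
    r"result \[(?P<result>\w+)\]"
)
# Only the '@Var op N' subset of the playbook expression language used here.
EXPR_RE = re.compile(r"@(?P<var>\w+)\s*(?P<op>==|!=)\s*(?P<rhs>\d+)")
VARIABLES = {"StatusCode": lambda fields: int(fields["Status code"])}

# Deliberately narrow patterns (US SSN, e-mail, international phone, IBAN);
# widen them per jurisdiction before trusting a negative result.
PII_PATTERNS = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone": re.compile(r"\+\d[\d\s-]{6,}\d"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
}


def parse_wire_log(text):
    """Return {key: value} for the records; the assertion record is kept as a dict."""
    fields = {}
    for line in text.splitlines():
        m = ASSERTION_RE.search(line)
        if m:
            fields["Assertion"] = m.groupdict()
            continue
        m = RECORD_RE.match(line)
        if m:
            fields[m["key"]] = m["value"]
    return fields


def evaluate_assertion(expr, fields):
    """Evaluate '@Var op N' against parsed fields -> (resolved text, passed)."""
    m = EXPR_RE.fullmatch(expr.strip())
    if not m or m["var"] not in VARIABLES:
        raise ValueError(f"unsupported assertion: {expr!r}")
    lhs, rhs = VARIABLES[m["var"]](fields), int(m["rhs"])
    passed = lhs != rhs if m["op"] == "!=" else lhs == rhs
    return f"{lhs} {m['op']} {rhs}", passed


def find_pii(body):
    """Map pattern name -> matches found in a response body string."""
    return {name: pat.findall(body) for name, pat in PII_PATTERNS.items() if pat.search(body)}


def triage(log_text, body=None):
    """Combine the status-code assertion with a body scan into one verdict."""
    fields = parse_wire_log(log_text)
    path_id = fields["Endpoint"].rsplit("/", 1)[-1]
    resolved, passed = evaluate_assertion(fields["Assertion"]["expr"], fields)
    pii = find_pii(body) if body is not None else None
    if pii:
        verdict = "pii_exposed"
    elif body is None:
        verdict = "needs_body"  # a 200 alone does not prove a leak
    else:
        verdict = "no_pii_in_body"
    return {
        "path_id": path_id,
        # A 200 for the literal id "null" means the path parameter is not validated.
        "id_validated": not (path_id == "null" and fields["Status code"] == "200"),
        "assertion_passed": passed,
        "tool_agrees": resolved == fields["Assertion"]["resolved"],
        "pii": pii,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(json.dumps(triage(WIRE_LOG), indent=2))
    print(json.dumps(triage(WIRE_LOG, SAMPLE_BODY), indent=2))
```

A 200 for the literal id `null` shows the path parameter is not validated, but on its own it is not evidence that PII was returned; set `showResponse: true` under policies, as the log itself suggests, and run the captured body through `find_pii` before rating the finding. A scan of the constructed body proves nothing about the real endpoint, and the patterns will need widening for other jurisdictions.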