Credit Card Disclosure

Severity: Information

Summary#

Invicti identified a possible credit card number disclosure.

Impact#

It is not mandatory for a merchant to require the security code for making a transaction, hence the card is still prone to fraud even if only its number is known to phishers.

Remediation#

We strongly advise you not to expose credit card numbers on your website.

Classifications#

CAPEC-118, PCI v3.2-6.5.3, ISO27001-A.18.1.4, WASC-13, OWASP 2013-A6, OWASP 2017-A3, CWE-213

Credit Card Disclosure

Related Articles

Build your resistance to threats. And save hundreds of hours each month.