Email Address Disclosure

Severity: Information

Summary#

Invicti identified an Email Address Disclosure.

Impact#

Email addresses discovered within the application can be used by both spam email engines and also brute-force tools. Furthermore, valid email addresses may lead to social engineering attacks.

Remediation#

Use generic email addresses such as contact@ or info@ for general communications and remove user/people-specific email addresses from the website; should this be required, use submission forms for this purpose.

Classifications#

WASC-13, CAPEC-118, CWE-200, ISO27001-A.9.4.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Email Address Disclosure

Related Articles

Build your resistance to threats. And save hundreds of hours each month.