Web Application Security
Social Security Number in Hidden field Nov 23 2014 08:12PM
Jyotiranjan Acharya (jyotiranjan121 gmail com) (1 replies)
Re: Social Security Number in Hidden field Nov 23 2014 10:28PM
Robin Wood (robin digi ninja) (1 replies)
Is there any reason for the SSN being included in the page? Is it
used, i.e. can it be edited on the page?

If not it shouldn't be there by the sound of it.

Robin

On 23 November 2014 at 20:12, Jyotiranjan Acharya
<jyotiranjan121 (at) gmail (dot) com [email concealed]> wrote:
> Hello,
>
> There is an application which is present in an intranet. When, the
> Admin of the application loads the user information page, a field
> called SSN appears. It shows ###-##-####. But the actual SSN remains
> in a hidden field.
>
> Do you think there should be a security issue with this ?
>
> Regards
> Jyoti
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]
Re: Social Security Number in Hidden field Nov 23 2014 11:38PM
snipe (snipe snipe net) (1 replies)
Re: Social Security Number in Hidden field Nov 23 2014 11:54PM
Abhay Rana (capt n3m0 gmail com) (2 replies)
RE: Social Security Number in Hidden field Nov 24 2014 03:17PM
Jeffory Atkinson (jatkinson zelvin com) (1 replies)
RE: [EXT] RE: Social Security Number in Hidden field Nov 24 2014 08:58PM
Hambleton, Robert F (RHamble citgo com)
Re: Social Security Number in Hidden field Nov 24 2014 04:31AM
Lorne Kates (lkates gmail com) (1 replies)
Re: Social Security Number in Hidden field Nov 24 2014 07:11AM
Antti Virtanen (Antti Virtanen solita fi)


 

Privacy Statement
Copyright 2010, SecurityFocus