This article is a part of our Web Security Knowledge Base.
Why Information Disclosure - Sensitive Information in URL can be dangerous
The 'Information Disclosure - Sensitive Information in URL' finding means that an HTTP request possibly contains sensitive information leaked in the URL. Such behavior can lead to unauthorized disclosure and cause the web page to violate PCI and most organizational compliance policies. As a result, PCI compliance tests will report errors.
How to fix Information Disclosure - Sensitive Information in URL
Make sure that your web application does not pass any sensitive information in URLs, so that it cannot be disclosed through them.
How does ScanRepeat report Information Disclosure - Sensitive Information in URL
ScanRepeat checks every HTTP request URL for potential sensitive information disclosure. It returns an error message for every URL that exposes sensitive data, such as a credit card number, an email address or a U.S. social security number.
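A sketch of this kind of URL check, added here as an illustration and not ScanRepeat's own implementation. The patterns, function names and sample URLs are assumptions constructed for the example; card candidates are confirmed with a Luhn checksum so that ordinary long numeric IDs are less likely to be flagged.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed patterns for the three data types named above (not ScanRepeat's rules).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")  # 13 to 19 digits


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(url: str) -> list[tuple[str, str]]:
    """Return (kind, location) pairs for sensitive-looking data in a URL."""
    parts = urlsplit(url)
    # Inspect the percent-decoded path and each decoded query parameter.
    fields = [("path", unquote(parts.path))]
    fields += [(f"query:{k}", v)
               for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    findings = []
    for location, value in fields:
        if EMAIL_RE.search(value):
            findings.append(("email", location))
        if SSN_RE.search(value):
            findings.append(("ssn", location))
        for m in CARD_RE.finditer(value):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.append(("card", location))
                break
    return findings


# Constructed sample URLs (test card number, well-known invalid SSN).
SAMPLE_URLS = [
    "https://shop.example.com/checkout?card=4111111111111111&step=2",
    "https://example.com/reset?email=alice%40example.com",
    "https://example.com/profile/078-05-1120/view",
    "https://example.com/orders?id=1234567890123456",  # fails Luhn, not flagged
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", find_sensitive(u))
```

The same check can be run over web server access logs to find where an application already writes such values into URLs, which are retained in logs, browser history and Referer headers.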