Information Leakage / Private IP Addresses Disclosed

Description

Private IP addresses disclosed, is a vulnerability that occurs when private IP addresses are disclosed to an untrusted source. Private IP addresses are the IP addresses that are used within a private network, as opposed to public IP addresses which are used within the public Internet. As per the OWASP Testing Guide, this vulnerability is categorized under the Infrastructure section.

Risk

Private IP addresses being disclosed can lead to various risks such as servers being exposed to untrusted sources, which can lead to attacks such as DDoS, or even data leakage. Furthermore, malicious actors can use private IP addresses in order to gain access to internal networks and systems. Therefore, this vulnerability can bring about a high security risk.

Solution

The solution to this vulnerability is to ensure that private IP addresses are not disclosed to any untrusted sources. This can be done by implementing a secure firewall that blocks access to private IP addresses from outside the internal network. Furthermore, logging of all external requests to private IP addresses should be enabled in order to identify any malicious actors.