Information Leakage / Private IP Addresses Disclosed
Description
Private IP addresses disclosed, is a vulnerability that occurs when private IP addresses are disclosed to an untrusted source. Private IP addresses are the IP addresses that are used within a private network, as opposed to public IP addresses which are used within the public Internet. As per the OWASP Testing Guide, this vulnerability is categorized under the Infrastructure section.
Risk
Private IP addresses being disclosed can lead to various risks such as servers being exposed to untrusted sources, which can lead to attacks such as DDoS, or even data leakage. Furthermore, malicious actors can use private IP addresses in order to gain access to internal networks and systems. Therefore, this vulnerability can bring about a high security risk.
Solution
The solution to this vulnerability is to ensure that private IP addresses are not disclosed to any untrusted sources. This can be done by implementing a secure firewall that blocks access to private IP addresses from outside the internal network. Furthermore, logging of all external requests to private IP addresses should be enabled in order to identify any malicious actors.
Description
Private IP addresses disclosed, is a vulnerability that occurs when private IP addresses are disclosed to an untrusted source. Private IP addresses are the IP addresses that are used within a private network, as opposed to public IP addresses which are used within the public Internet. As per the OWASP Testing Guide, this vulnerability is categorized under the Infrastructure section.
Risk
Private IP addresses being disclosed can lead to various risks such as servers being exposed to untrusted sources, which can lead to attacks such as DDoS, or even data leakage. Furthermore, malicious actors can use private IP addresses in order to gain access to internal networks and systems. Therefore, this vulnerability can bring about a high security risk.
Solution
The solution to this vulnerability is to ensure that private IP addresses are not disclosed to any untrusted sources. This can be done by implementing a secure firewall that blocks access to private IP addresses from outside the internal network. Furthermore, logging of all external requests to private IP addresses should be enabled in order to identify any malicious actors.