Credit Card Exposure Analyzer

Configuration Name: CCExposure

Description

The CCExposure analyzer reports when an operation exposes a credit card number. A finding is reported when a response contains a string value that matches global credit card number formats.

Faults Reported

| Fault Identifier | Title | Summary | Solution | Severity |
| --- | --- | --- | --- | --- |
| CWE-213 | Exposure of Sensitive Information | Application response contains a credit card number, which may or may not be intended. | Complete credit card numbers should not be returned in a response. Use a masked number to identify a credit card to a user. Verify that the operation has proper access control such that a user cannot access another user's personal information. | low |
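
The following is an added example, not the analyzer's own code: a sketch of this kind of check that walks a decoded JSON response, flags string values that look like card numbers, and reports them in the masked form the solution recommends. The 13 to 19 digit pattern, the Luhn checksum filter, the function names and the sample response are all assumptions made for illustration.

```python
import json
import re

# Assumed format rule: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most random digit runs (order ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep only the last four digits, so the card can still be identified to a user."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]

def find_card_numbers(node, path="$"):
    """Walk a decoded JSON body; return (json_path, masked_value) per exposed number."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            findings += find_card_numbers(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += find_card_numbers(value, f"{path}[{i}]")
    elif isinstance(node, str):  # only string values are inspected
        for m in PAN_RE.finditer(node):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.append((path, mask(m.group())))
    return findings

# Constructed response body; the two card values are widely published test numbers.
SAMPLE_RESPONSE = json.loads("""
{"user": {"id": 1001, "name": "A. Example",
          "payment": {"card": "4111 1111 1111 1111", "display": "************1111"}},
 "orders": [{"ref": "1234567890123456", "note": "paid with 5555-5555-5555-4444"}]}
""")

if __name__ == "__main__":
    for path, masked in find_card_numbers(SAMPLE_RESPONSE):
        print(f"CWE-213 finding at {path}: {masked}")
```

The already masked `display` field and the 16-digit `ref` that fails the checksum are not reported, while the card number embedded in the free-text `note` is.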