Date of Birth Exposure Analyzer
Configuration Name: DOBExposure
Description
The DOBExposure analyzer reports when an operation exposes a date of birth. A
finding is reported when a response contains a string value that matches a
common date of birth format.
Faults Reported
Fault Identifier | Title | Summary | Solution | Severity |
---|---|---|---|---|
CWE-213 | Exposure of Sensitive Information | Application response contains a date of birth, which may or may not be intended. | Verify whether a date of birth was expected to be found in the response. Verify that the operation has proper access control such that a user cannot access another user's personal information. | low |
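
To triage a finding, the same kind of check can be run over a captured response to see which fields triggered it. The following is an added example, not the analyzer's own implementation: the format list, the 120-year plausibility bound, and the names `find_dob_candidates` and `parse_dob` are assumptions, and the sample response is constructed.

```python
import json
from datetime import date, datetime

# Assumed formats for illustration; the analyzer's real patterns are not documented here.
ASSUMED_FORMATS = ("%Y-%m-%d", "%m/%d/%Y", "%d.%m.%Y")
MAX_AGE_YEARS = 120  # assumed bound: older or future dates are not birth dates


def parse_dob(value, today):
    """Return a date if the string parses as a plausible birth date, else None."""
    for fmt in ASSUMED_FORMATS:
        try:
            parsed = datetime.strptime(value.strip(), fmt).date()
        except ValueError:
            continue
        if today.year - MAX_AGE_YEARS <= parsed.year and parsed <= today:
            return parsed
    return None


def find_dob_candidates(body, today=None):
    """Walk a JSON response body; return [(json_path, value)] for DOB-like strings."""
    today = today or date.today()
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, f"{path}.{key}")
        elif isinstance(node, list):
            for index, child in enumerate(node):
                walk(child, f"{path}[{index}]")
        elif isinstance(node, str) and parse_dob(node, today):
            # Only string values are considered, as in the description above.
            hits.append((path, node))

    walk(json.loads(body), "$")
    return hits


# Constructed sample response, not output from a real API.
SAMPLE = json.dumps({
    "id": 42,
    "name": "A. Example",
    "birthDate": "1987-03-14",
    "orders": [{"placed": "2999-01-01", "ref": "03/14/1987"}],
    "note": "born 1987",
})
```

Any past date inside the bound is reported, so each hit still needs the manual verification described in the Solution column.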