Email Exposure Analyzer
Configuration Name: EmailExposure
Description
The EmailExposure analyzer reports when an operation exposes an email address in a response. A finding is reported when a response contains a key "email" with a value that matches the format of an email address.
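The check described above can be sketched as follows. This is an added example, not the analyzer's own implementation: the email pattern, the function names, the exact-match comparison on the key and the recursive walk over nested objects and arrays are assumptions, and the sample response is constructed.

```python
import json
import re

# Assumption: a pragmatic "looks like an email" pattern; the analyzer's own
# pattern is not given on the page.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def find_email_exposures(body, path="$"):
    """Return JSON paths where a key named "email" holds an email-shaped string."""
    hits = []
    if isinstance(body, dict):
        for key, value in body.items():
            child = f"{path}.{key}"
            # Only the key "email" with a string value in email format counts.
            if key == "email" and isinstance(value, str) and EMAIL_RE.fullmatch(value):
                hits.append(child)
            hits.extend(find_email_exposures(value, child))
    elif isinstance(body, list):
        for i, item in enumerate(body):
            hits.extend(find_email_exposures(item, f"{path}[{i}]"))
    return hits


def scan_response(raw_body):
    """Parse a response body; bodies that are not JSON yield no findings."""
    try:
        return find_email_exposures(json.loads(raw_body))
    except (TypeError, ValueError):
        return []


# Constructed sample response for illustration.
SAMPLE_RESPONSE = """
{
  "id": 42,
  "email": "alice@example.com",
  "contact": {"email": "not-an-address"},
  "followers": [
    {"name": "bob", "email": "bob@example.org"},
    {"name": "carol", "email": null}
  ],
  "note": "reach me at dave@example.net"
}
"""

if __name__ == "__main__":
    for hit in scan_response(SAMPLE_RESPONSE):
        print("CWE-213 candidate:", hit)
```

The address inside "note" is not flagged because the rule is keyed on "email", and the second follower hit is the kind of result to review for access control, since it belongs to a different user than the top-level record.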
Faults Reported
Fault Identifier | Title | Summary | Solution | Severity |
---|---|---|---|---|
CWE-213 | Exposure of Sensitive Information | Application response contains an email address, which may or may not be intended. | Verify whether an email address was expected to be found in the response. Verify that the operation has proper access control such that a user cannot access another user's personal information. | low |