
Email Exposure Analyzer

Configuration Name: EmailExposure

Description

The EmailExposure analyzer reports when an operation exposes an email address in a response. A finding is reported when a response contains a key "email" with a value that matches the format of an email address.
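The check described above can be reproduced in a few lines for triaging responses by hand. This is an added example, not the analyzer's own code; the regular expression, the case-insensitive key match, the recursive walk and the function names are assumptions, and the response body is constructed sample data.

```python
import json
import re

# Pragmatic address pattern (assumption: the analyzer's actual pattern
# is not documented on this page).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def find_email_exposures(body, path="$"):
    """Walk a decoded JSON value and return (json_path, value) for every
    key named "email" whose string value is shaped like an email address."""
    findings = []
    if isinstance(body, dict):
        for key, value in body.items():
            child = f"{path}.{key}"
            # Both conditions must hold: the key is "email" AND the value
            # has the format of an address.
            if (key.lower() == "email" and isinstance(value, str)
                    and EMAIL_RE.fullmatch(value.strip())):
                findings.append((child, value))
            findings.extend(find_email_exposures(value, child))
    elif isinstance(body, list):
        for i, item in enumerate(body):
            findings.extend(find_email_exposures(item, f"{path}[{i}]"))
    return findings


def scan_response(raw_text):
    """Parse a response body; bodies that are not JSON yield no findings."""
    try:
        return find_email_exposures(json.loads(raw_text))
    except (ValueError, TypeError):
        return []


# Constructed sample response body (not taken from a real service).
SAMPLE_RESPONSE = json.dumps({
    "id": 42,
    "email": "alice@example.com",
    "profile": {"email": "n/a", "contact": "bob@example.com"},
    "members": [{"name": "Carol", "email": "carol@example.org"}],
})

if __name__ == "__main__":
    for location, value in scan_response(SAMPLE_RESPONSE):
        print(f"CWE-213 (low): {location} exposes {value}")
```

In this sketch `profile.email` is skipped because its value is not address-shaped, and `profile.contact` is skipped because the key is not "email".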

Faults Reported

| Fault Identifier | Title | Summary | Solution | Severity |
|---|---|---|---|---|
| CWE-213 | Exposure of Sensitive Information | Application response contains an email address, which may or may not be intended. | Verify whether an email address was expected to be found in the response. Verify that the operation has proper access control such that a user cannot access another user's personal information. | low |