DerScanner
Home / Vulnerability Database / C-sharp : Hidden HTML field
C#

C-sharp : Hidden HTML field

Classification

HIPAA
§164.312 (e)(1)
CWE
CWE-472

Overview

The application uses a hidden field.

The developer could assume that users would not see the hidden field and would not be able to manipulate the data transferred through it. It is not so: attackers can transfer data, including malicious data, to hidden fields.

A hidden field must not be used to transfer valuable information. Its contents are cached by the browser, which can lead to data confidentiality loss.

References

  1. CWE-472: External Control of Assumed-Immutable Web Parameter
  2. OWASP Top 10 2013-A6-Sensitive Data Exposure
LOW

DerScanner Severity Score

Do you want to fix C-sharp : Hidden HTML field in your application?

See also

C#

C-sharp : JWT: None Algorithm

C#

C-sharp : Insecure data transmission: Database

C#

C-sharp : Only one of method Equals() and GetHashCode() defined