DerScanner
Home / Vulnerability Database / Go : Privacy violation
Go

Go : Privacy violation

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic Failures
OWASP MASVS
V2: 2.3.(L1/L2/L1+R/L2+R)V2: 2.4.(L1/L2/L1+R/L2+R)V2: 2.10.(L2/L2+R)
OWASP ASVS
Data Protection
HIPAA
§164.312 (a)(1)
CWE
CWE-319CWE-359CWE-1032

Overview

Privacy of personal user data may be violated. This can break the law and harm the reputation of the application.

Valuable personal data may get into the application from a variety of sources: directly from the user, from a database, from a third party storage. Often, this data is not marked as confidential or are valuable not by itself but only in a certain context.

Often, security and privacy of personal data conflict. From a security perspective, it is necessary to record information on all the activities in the system as detailed as possible, to later reveal traces of malicious actions. From the standpoint of privacy, on the contrary, the confidential information logging increases the risk of its leak. In this case, privacy should have a higher priority.

References

  1. OWASP Top 10 2017-A3-Sensitive Data Exposure
  2. OWASP Top 10 2013-A6-Sensitive Data Exposure
  3. CWE-359: Exposure of Private Information (‘Privacy Violation’)
  4. CWE-359: Exposure of Private Information (‘Privacy Violation’)
  5. UserPassword - Golang
  6. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix Go : Privacy violation in your application?

See also

Go

Go : Undocumented feature: special account

Go

Go : Nil salt

Go

Go : Logging into system output