News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Information Disclosure - Suspicious Comments in XML via WebSocket

The 'Information Disclosure - Suspicious Comments in XML via WebSocket' vulnerability typically arises when sensitive information or comments are inadvertently exposed in XML payloads sent over a WebSocket connection, making it accessible to malicious attackers.

Vulnerabilities

Username Hash Found in WebSocket message

The 'Username Hash Found in WebSocket message' vulnerability means that the username or a related hash is being sent and exposed through WebSocket messages, which can be intercepted and exploited by attackers.

Vulnerabilities

Private IP Disclosure via WebSocket

The 'Private IP Disclosure via WebSocket' vulnerability typically arises when an attacker can easily collect sensitive information, such as internal IP addresses, from WebSocket responses. When an attacker identifies internal IP addresses through WebSocket responses, they can potentially target your internal network.

Vulnerabilities

Personally Identifiable Information via WebSocket

The 'PII via WebSocket' vulnerability occurs when sensitive user information (such as names, email addresses, or personal data) is transmitted insecurely over a WebSocket connection, making it accessible to potential attackers.

Vulnerabilities

Email address found in WebSocket message

The 'Email address found in WebSocket message' vulnerability indicates that sensitive information, such as email addresses, is being exposed or leaked through WebSocket messages in your web application, where it can be intercepted or accessed by malicious attackers, leading to data breaches or privacy violations.

Vulnerabilities

Information Disclosure - Debug Error Messages via WebSocket

The 'Information Disclosure - Debug Error Messages via WebSocket' vulnerability involves WebSocket communication revealing debug error messages. These messages often contain sensitive information that can be exposed and exploited by potential attackers.

Vulnerabilities