Description
Private IPv4 addresses are reserved for use within private networks such as local area networks (LANs). Revealing private IP addresses can provide insights into the IP addressing scheme used within the private network. While this information itself may not directly impact the target, it can aid attackers in reconnaissance and help them better understand the target network’s topology and infrastructure.
Recommendation
Minimize the disclosure of private IP addresses, ensuring they are not unintentionally exposed in publicly accessible resources such as web pages, APIs, or error messages. Implement access controls and proper network segmentation to limit unauthorized access to internal network information.
References
- RFC 1918: Address Allocation for Private Internets
- Understanding Private IP Addresses
- Best Practices for Protecting Private IP Address Disclosure
- CWE-200
- CAPEC-118
- OWASP 2021-A5