Sensitive Data Disclosure

Severity:
Medium

Description

Sensitive data disclosure occurs when confidential information such as API tokens, access keys, secrets, or credentials is exposed in publicly accessible content. The exposure can occur in HTML, JavaScript, error messages, comments, or configuration files, and may allow attackers to gain unauthorized access to systems or services.

Recommendation

First, revoke the exposed secret; removing it from the content does not undo the exposure. Scan and monitor code, configuration files, and web content to detect and remove sensitive data. Use environment variables or secrets management tools to handle credentials. Never hardcode secrets in source files or expose them in client-side code. Implement security reviews in your development pipeline to catch leaks before deployment.
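
One way to implement the scanning step recommended above, as an added example (not SmartScanner's code): a Python check that looks through served HTML/JavaScript for well-known token formats and for high-entropy values assigned to secret-like names. The rule set, the entropy threshold, the function names and the sample page are assumptions constructed for illustration.

```python
import math
import re

# Publicly documented token shapes; extend for the providers you use.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Generic name = "value" / name: "value" assignments with secret-like names.
ASSIGNMENT = re.compile(
    r"\b([\w-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w-]*)\b[\"']?"
    r"\s*[:=]\s*[\"']([^\"'\s]{12,})[\"']",
    re.IGNORECASE,
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune per code base


def shannon_entropy(value):
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def redact(value):
    """Keep findings reportable without copying the secret into logs."""
    return value[:4] + "*" * (len(value) - 4)


def scan(text):
    """Return sorted (line_number, rule, redacted_match) tuples for one document."""
    findings = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.add((lineno, rule, redact(m.group(0))))
        for m in ASSIGNMENT.finditer(line):
            # The entropy filter drops placeholders such as "changeme-please".
            if shannon_entropy(m.group(2)) >= ENTROPY_THRESHOLD:
                findings.add((lineno, "high_entropy_assignment", redact(m.group(2))))
    return sorted(findings)


# Constructed sample page; the AWS value is the vendor's documentation example key.
SAMPLE_PAGE = """<html><!-- TODO remove: deploy key AKIAIOSFODNN7EXAMPLE -->
<script>
const config = { apiKey: "q8Zr2LmX0vT5nKw9YbD3sHc7", theme: "dark" };
const password = "changeme-please";
</script></html>"""

if __name__ == "__main__":
    for lineno, rule, shown in scan(SAMPLE_PAGE):
        print(f"line {lineno}: {rule}: {shown}")
```

Run as a pipeline step over build output or fetched pages and fail the build when `scan` returns any finding; a match means the secret is revoked first and removed second.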

Tags:
Information Disclosure
Sensitive Data Exposure
API Security
Last updated on August 01, 2025

This issue is available in SmartScanner Professional