Reino: Security Features

La seguridad de un software no es un software de seguridad. Nos preocupamos de cuestiones como la autenticación, el control de acceso, la confidencialidad, la criptografía y la gestión de privilegios.

Privacy Violation: Autocomplete

Universal

Abstract

La función de autocompletar formularios permite a algunos exploradores conservar información confidencial en su historial.

Explanation

Cuando la función de autocompletar está activada, algunos exploradores conservan los datos introducidos por los usuarios en distintas sesiones, lo cual podría permitir a alguien que utilice el equipo tras el usuario inicial ver la información enviada anteriormente.

References

[1] Pete Freitag Turn off autocomplete for credit card input

[2] Standards Mapping - Common Weakness Enumeration CWE ID 525

[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-000196, CCI-002361, CCI-004062

[4] Standards Mapping - General Data Protection Regulation (GDPR) Privacy Violation

[5] Standards Mapping - NIST Special Publication 800-53 Revision 4 AC-4 Information Flow Enforcement (P1), AC-12 Session Termination (P2), IA-5 Authenticator Management (P1)

[6] Standards Mapping - NIST Special Publication 800-53 Revision 5 AC-4 Information Flow Enforcement, AC-12 Session Termination, IA-5 Authenticator Management

[7] Standards Mapping - OWASP Application Security Verification Standard 4.0 8.2.1 Client-side Data Protection (L1 L2 L3), 8.1.1 General Data Protection (L2 L3), 8.1.2 General Data Protection (L2 L3)

[8] Standards Mapping - OWASP Mobile 2014 M4 Unintended Data Leakage

[9] Standards Mapping - OWASP Mobile 2024 M6 Inadequate Privacy Controls

[10] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-PLATFORM-3, MASVS-STORAGE-2

[11] Standards Mapping - OWASP Top 10 2007 A6 Information Leakage and Improper Error Handling

[12] Standards Mapping - OWASP Top 10 2013 A6 Sensitive Data Exposure

[13] Standards Mapping - OWASP Top 10 2017 A3 Sensitive Data Exposure

[14] Standards Mapping - OWASP Top 10 2021 A04 Insecure Design

[15] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 3.2

[16] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 3.2

[17] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 3.2

[18] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 3.2

[19] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 3.2

[20] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 3.2

[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 3.2

[22] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 3.3.1

[23] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 3.3.1

[24] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 3.3 - Sensitive Data Retention, Control Objective 6.1 - Sensitive Data Protection

[25] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 3.3 - Sensitive Data Retention, Control Objective 6.1 - Sensitive Data Protection

[26] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 3.3 - Sensitive Data Retention, Control Objective 6.1 - Sensitive Data Protection

[27] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3210.1 CAT II, APP3310 CAT I, APP3340 CAT I

[28] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3210.1 CAT II, APP3310 CAT I, APP3340 CAT I

[29] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3210.1 CAT II, APP3310 CAT I, APP3340 CAT I

[30] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3210.1 CAT II, APP3310 CAT I, APP3340 CAT I

[31] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3210.1 CAT II, APP3310 CAT I, APP3340 CAT I

[32] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3210.1 CAT II, APP3310 CAT I, APP3340 CAT I

[33] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3210.1 CAT II, APP3310 CAT I, APP3340 CAT I

[34] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[35] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[36] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[37] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[38] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[39] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[40] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[41] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[42] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[43] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[44] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[45] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[46] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[47] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[48] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-000060 CAT II, APSC-DV-001740 CAT I

[49] Standards Mapping - Web Application Security Consortium Version 2.00 Information Leakage (WASC-13)

[50] Standards Mapping - Web Application Security Consortium 24 + 2 Information Leakage

desc.content.html.privacy_violation_autocomplete