Image Exposes Location or Privacy Data
- Risk:
Informational
- Type:
- Passive
- CWE:
- 200
- Summary
- The image was found to contain embedded location information, such as GPS coordinates, or another privacy exposure, such as camera serial number. Depending on the context of the image in the website, this information may expose private details of the users of a site. For example, a site that allows users to upload profile pictures taken in the home may expose the home’s address.
- Solution
- Before allowing images to be stored on the server and/or transmitted to the browser, strip out the embedded location information from image. This could mean removing all Exif data or just the GPS component. Other data, like serial numbers, should also be removed.
- References