Private IP Disclosure via WebSocket
- Risk:
Low
- Type:
- WebSocket Passive
- Summary
- A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the incoming WebSocket message. This information might be helpful for further attacks targeting internal systems.
- Solution
- Remove the private IP address from the WebSocket messages.
- References