Timestamp Disclosure issue from OWASP
Unanswered
Joseph posted this in #help-forum
JosephOP
Hi folks, I would like to ask you for the help on this issue regarding the
If there is any key word or article could let me know how to repair it?
I'm trying to understand what happened under the hood for this issue, but looks like this alert is a a false positive that the 1540483477 is generated during the packaging phase by using
Here is what I got from OWASP
Thank you.
timestamp disclosure from OWASP. If there is any key word or article could let me know how to repair it?
I'm trying to understand what happened under the hood for this issue, but looks like this alert is a a false positive that the 1540483477 is generated during the packaging phase by using
npm, and should be for hash value, not for translate to datetime value as OWASP said.Here is what I got from OWASP
Url: http://domain:1234/_next/static/chunks/36-8960c914645752bb.js
Risk: Low
Confidence: Low
Evidence: 1540483477
CWE ID: 200
WASC ID: 13
Description:
A timestamp was disclosed by the application/web server - Unix
Other info:
1540483477, which evaluates to: 2018-10-26 00:04:37
Solution:
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.Thank you.