Private IPv6 Address Disclosure
Impact: Informational
Description
Private IPv6 addresses are reserved for use within private networks and are not routable on the public Internet. Disclosing private IPv6 addresses can provide attackers with insights into the internal network structure and topology. While this information may not directly impact the target, it can aid attackers in reconnaissance and help them better understand the target network’s infrastructure.
Recommendation
To mitigate the risk of disclosing private IPv6 addresses, ensure they are not unintentionally exposed in publicly accessible resources such as web pages, APIs, or error messages. Implement access controls and proper network segmentation to restrict unauthorized access to internal network information.
References
- Best Practices for Protecting Private IP Address Disclosure
- CWE-200
- OWASP 2021-A5
- RFC 1918: Address Allocation for Private Internets
- Understanding Private IP Addresses
👉 You might also like:
Private IPv4 Address Disclosure - Vulnerability
Email Address Disclosure - Vulnerability
Arbitrary Source Code Disclosure - Vulnerability
ASP.NET Version Disclosure - Vulnerability
Last updated on May 13, 2024