Excessive Data Exposure is a threat that can be introduced by many things, including error messages that show too much information or even displaying obfuscated information.
Discription
In the case of Clubhouse, an API call was made resulting in the token exchange routed through the app vendor servers to establish a connection between users. The information is then sent unencrypted, containing metadata about the channel, such as whether a user has requested to join a chatroom, the users Clubhouse id number and whether they have muted themselves. This is where the application developers introduced an Excessive Data Exposure Threat #3 on OWASP API Top 10 list
https://t.co/eKyPg0ZiWC
References
Back to Main