1. Support Center
  2. Issue Definitions
  3. Social security numbers disclosed

Social security numbers disclosed

Description: Social security numbers disclosed

Applications sometimes disclose sensitive personal information such as social security numbers. Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. If a social security number is identified during a security assessment it should be verified, then application logic reviewed to identify whether its disclosure within the application is necessary and appropriate.


Vulnerability classifications

Typical severity


Type index (hex)


Type index (decimal)


Burp Scanner

This issue - and many more like it - can be found using our web vulnerability scanner

Read more

Get Burp

Scan your web application from just $449.00

Find out more