Slashdot Mirror

← Back to Stories (view on slashdot.org)

Danish Bank Leaves Server In Debug Mode, Exposes Sensitive Data In JS Comments

Posted by Soulskill on Wednesday October 7, 2015 @03:52AM from the in-the-case-of-face-v.-palm dept.

An anonymous reader writes: Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark's biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal's JavaScript files. The data contained client IP addresses, user agent strings, cookie information, details about the bank's internal IT network, and more. He contacted the bank, who fixed the issue, but later denied it ever happened.

2 of 41 comments (clear)

Min score:

Reason:

Sort:

Somethings rotten by Anonymous Coward · 2015-10-07 04:35 · Score: 0, Redundant

In Denmark.
Re:Similar experience here by Anonymous Coward · 2015-10-07 05:10 · Score: 0, Redundant

Whenever I get modpoints, I'll just mod all your posts as troll until you stop setting the font.