Tax numbers found in code, log and migrations

Greetings fellows
I have a doubt about a finding, because there is some tax numbers in the code . So that qualifies as a business leakage?. How much private is a tax number ?.

Also the thing that they did with these info is like mocks and migrations.

Does that qualify as private data ?

by the way thanks for your help

How do you know that those numbers are not test data?

1 Like

Is this a real tax number? or a fake tax number? If real then vuln, else not. Test dada should be fake, or with masking, etc.

sorry for be a nuisance. I know that that I must ask a question per thread. but this tax numbers are writed in the logs

the numbers are real because I have checked in a goverment system

I have checked the numbers againts SII. Chilean internal tax service, and those numbers appear with same name and info that are writed in the code

mmm, I suggest that report that as a vulnerability

1 Like

I agree, @elated-colden you should report it as a vulnerability.

1 Like