Why This Issue Is Important
Using confidential data, such as personal identifiers or financial information, as a cache key in an Apigee proxy is a serious security risk. Cache keys are not designed to store or protect sensitive data, and using such data as a key can lead to unintended exposure of that information. If the cache is accessible to unauthorized users or if the cache keys are logged or otherwise exposed, it could result in a data breach, compromising the confidentiality of the information.
Confidential data includes items like credit card numbers, social security numbers, personal identification numbers (PINs), and other sensitive information. These should be securely handled, typically through encryption or hashing, to prevent unauthorized access.
How This Issue Is Detected
CodeSent detects this issue by analyzing the cache-related policies in the proxy (for example, PopulateCache and LookupCache) to identify whether any confidential data is used as a cache key. The tool checks whether the cache key references any variables, including the variables they were derived from, that are classified as confidential data, such as msisdn, pin, pan, etc. If such variables are detected, CodeSent flags this as a potential security risk.
How to Fix the Issue
To fix this issue, avoid using confidential data as cache keys. If you must derive a cache key from such data, ensure the value is securely hashed before it is used as a key, so the key itself no longer reveals the original value.
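The flagged pattern beside one way to correct it, written as an added example and not taken from CodeSent or from the Apigee documentation. It assumes a PAN arrives as the query parameter pan, that the proxy already has an environment-scoped encrypted KVM named secrets holding an HMAC secret under hmac_secret, and that a cache resource named account_cache exists; the policy names and variable names are placeholders. A keyed hash (HMAC) is used rather than a plain SHA-256 because PANs and PINs have low entropy and a plain digest of them is easy to reverse by enumeration:

```xml
<!-- BEFORE (flagged): the raw PAN is the cache key, so it is written into the
     cache in cleartext and shows up wherever the key is traced or logged. -->
<PopulateCache name="PC-Account-Unsafe">
  <CacheKey>
    <Prefix>account</Prefix>
    <KeyFragment ref="request.queryparam.pan"/>
  </CacheKey>
  <CacheResource>account_cache</CacheResource>
  <Scope>Exclusive</Scope>
  <ExpirySettings><TimeoutInSec>300</TimeoutInSec></ExpirySettings>
  <Source>response.content</Source>
</PopulateCache>

<!-- AFTER, step 1: load the HMAC secret from an encrypted KVM into a
     private.* variable so the value is masked in Trace (KVM and key names
     are assumptions). -->
<KeyValueMapOperations name="KVM-Get-HmacSecret" mapIdentifier="secrets">
  <Scope>environment</Scope>
  <Get assignTo="private.hmac_secret">
    <Key><Parameter>hmac_secret</Parameter></Key>
  </Get>
</KeyValueMapOperations>

<!-- AFTER, step 2: derive a keyed digest of the PAN. The output is placed in a
     private.* variable as well, although it no longer contains the PAN. -->
<HMAC name="HMAC-PanKey">
  <Algorithm>SHA-256</Algorithm>
  <Message ref="request.queryparam.pan"/>
  <SecretKey ref="private.hmac_secret"/>
  <Output encoding="base64url">private.pan_key</Output>
</HMAC>

<!-- AFTER, step 3: use the derived digest, not the PAN, as the key fragment.
     The matching LookupCache policy must build its CacheKey the same way. -->
<PopulateCache name="PC-Account-Safe">
  <CacheKey>
    <Prefix>account</Prefix>
    <KeyFragment ref="private.pan_key"/>
  </CacheKey>
  <CacheResource>account_cache</CacheResource>
  <Scope>Exclusive</Scope>
  <ExpirySettings><TimeoutInSec>300</TimeoutInSec></ExpirySettings>
  <Source>response.content</Source>
</PopulateCache>
```

Run the three AFTER policies in that order in the same flow, and rotate the KVM secret on a schedule; rotating it invalidates every existing key derived from it, which is usually the desired effect for cached account data.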