ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard

Published 20 hours ago verified publisher icon owasp-modsecurity

verifySSN: Area code can be larger than 740

Open jakubsuchy opened this issue 2 years ago • 2 comments

The United States Social Security Number area code used to startwith a number less than 740 bt this is no longer the case:

https://www.ssa.gov/history/ssn/geocard.html

There are now routinely SSNs with area code larger than 740.

https://github.com/SpiderLabs/ModSecurity/blob/60f802e4801c8a4fee8e2caac90462e53651971f/src/operators/verify_ssn.cc#L103

jakubsuchy avatar Aug 21 '23 14:08 jakubsuchy

Hello @jakubsuchy ,

My skim of the documents suggests that the U.S. government is still not issuing numbers in the 900s. Should we perhaps consider including that in the if statement (instead of only rejecting '666')?

martinhsv avatar Sep 19 '23 14:09 martinhsv

This doc says they now issue those I think: https://www.ssa.gov/employer/randomization.html

"Previously unassigned area numbers were introduced for assignment excluding area numbers 000, 666 and 900-999."

jakubsuchy avatar Mar 02 '24 13:03 jakubsuchy