logo

CWE-201 - Insertion of Sensitive Information Into Sent Data

CWE-201

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Insertion of Sensitive Information Into Sent Data

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).

Common Consequences

Scope: Confidentiality

Impact: Read Files or Directories, Read Memory, Read Application Data

Notes: Sensitive data may be exposed to attackers.

Related Weaknesses

CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh

CWE-202Exposure of Sensitive Information Through Data QueriesMedium

CWE-209Generation of Error Message Containing Sensitive InformationHigh

Related Alerts

Multiple HREFs Redirect Detected (Potential Sensitive Information Leak)Low

Big Redirect Detected (Potential Sensitive Information Leak)Low

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website