CWE-201 - Insertion of Sensitive Information Into Sent Data
CWE-201
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Insertion of Sensitive Information Into Sent Data
- Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).
- Common Consequences
Scope: Confidentiality
Impact: Read Files or Directories, Read Memory, Read Application Data
Notes: Sensitive data may be exposed to attackers.
- Related Weaknesses
- Related Alerts
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website