CWE-489 - Active Debug Code
CWE-489
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Weakness Name
Active Debug Code
- Description
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
A common development practice is to add "back door" code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the product. These back door entry points create security risks because they are not considered during design or testing and fall outside of the expected operating conditions of the product.
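The following is an added illustration, not part of the CWE entry: a login handler with a leftover test shortcut, the same handler with the shortcut removed, and a release check that flags debug settings still enabled. The handler names, the `debug` request parameter and the `APP_ENV`, `APP_DEBUG` and `ENABLE_TEST_LOGIN` settings are hypothetical.

```python
import hmac

# Constructed sample data: one user record (illustrative only).
USERS = {"alice": "correct horse battery staple"}


def check_password(user: str, password: str) -> bool:
    """Normal authentication path, the one covered by design and testing."""
    expected = USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def login_with_debug_hook(params: dict) -> bool:
    """Weak form: a test shortcut left active in the shipped handler."""
    # Added during development so testers could skip authentication.
    # Nothing removes or disables it at release time.
    if params.get("debug") == "1":
        return True
    return check_password(params.get("user", ""), params.get("password", ""))


def login_hardened(params: dict) -> bool:
    """Hardened form: no request-controlled shortcut exists in this path."""
    return check_password(params.get("user", ""), params.get("password", ""))


def release_gate(env: dict) -> list:
    """Deployment check: name the debug settings still on in production.

    The setting names are hypothetical; an unset APP_ENV is treated as
    production so the check fails closed.
    """
    findings = []
    if env.get("APP_ENV", "production") == "production":
        for key in ("APP_DEBUG", "ENABLE_TEST_LOGIN"):
            if env.get(key, "0").lower() in ("1", "true", "yes", "on"):
                findings.append(key)
    return findings


if __name__ == "__main__":
    request = {"user": "alice", "password": "wrong", "debug": "1"}
    print("weak handler accepts:", login_with_debug_hook(request))
    print("hardened handler accepts:", login_hardened(request))
    print("release gate findings:", release_gate({"APP_DEBUG": "true"}))
```

Running a check like `release_gate` in the deployment pipeline and failing the release on any finding keeps a forgotten setting from reaching production.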
- Common Consequences
Scope: Confidentiality, Integrity, Availability, Access Control, Other
Impact: Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by Context
Notes: The severity of the exposed debug application will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug application will allow an attacker complete control over the web application and server, as well as the confidential information that either of these can access.
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2023-06-29