logo

CWE-201 - Insertion of Sensitive Information Into Sent Data

CWE-201

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Insertion of Sensitive Information Into Sent Data

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).

Common Consequences

Scope: Confidentiality

Impact: Read Files or Directories, Read Memory, Read Application Data

Notes: Sensitive data may be exposed to attackers.

Related Weaknesses
Related Alerts
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website