logo

CWE-215 - Insertion of Sensitive Information Into Debugging Code

  • Abstraction:Base
  • Structure:Simple
  • Status:Draft
  • Release Date:2006-07-19
  • Latest Modification Date:2023-06-29

Weakness Name

Insertion of Sensitive Information Into Debugging Code

Description

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the product is operating in a production environment, then this sensitive information may be exposed to attackers.

Common Consequences

Scope: Confidentiality

Impact: Read Application Data

Related Weaknesses

CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh

Related Alerts

.env Information LeakMedium

Spring Actuator Information LeakMedium

Trace.axd Information LeakMedium