CWE-215 - Insertion of Sensitive Information Into Debugging Code

CWE-215

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Insertion of Sensitive Information Into Debugging Code

Description: The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.
When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the product is operating in a production environment, then this sensitive information may be exposed to attackers.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data

Related Weaknesses: CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh

Related Alerts

Spring Actuator Information LeakMedium

.env Information LeakMedium

Trace.axd Information LeakMedium

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard