CWE-530 - Exposure of Backup File to an Unauthorized Control Sphere

CWE-530

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: Exposure of Backup File to an Unauthorized Control Sphere

Description: A backup file is stored in a directory or archive that is made accessible to unauthorized actors.
Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data
Notes: At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site.

Related Weaknesses: CWE-552Files or Directories Accessible to External Parties

Related Alerts: Backup File DisclosureMedium

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard