CWE-208 – Observable Timing Discrepancy
Description Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals...
CWE-212 – Improper Removal of Sensitive Information Before Storage or Transfer
Description The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes...
CWE-213 – Exposure of Sensitive Information Due to Incompatible Policies
Description The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according...
CWE-214 – Invocation of Process Using Visible Sensitive Information
Description A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system....
CWE-215 – Insertion of Sensitive Information Into Debugging Code
Description The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. When debugging,...
CWE-216 – DEPRECATED: Containment Errors (Container Errors)
Description This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name...
CWE-217 – DEPRECATED: Failure to Protect Stored Data from Modification
Description This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766...