Read Time:27 Second

Description

The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-209

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

Phase: Implementation, Build and Compilation

Description: 

Debugging information should not make its way into a production release.

Phase: Implementation, Build and Compilation

Description: 

Debugging information should not make its way into a production release.

CVE References

  • CVE-2005-1745
    • Infoleak of sensitive information in error message (physical access required).