CWE-526 – Exposure of Sensitive Information Through Environmental Variables

Read Time:15 Second

Description

Environmental variables may contain sensitive information about a remote server.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-497

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Protect information stored in environment variable from being exposed to the user.

CVE References