Read Time:27 Second
Description
The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Confidentiality: Read Application Data
Potential Mitigations
Phase: Implementation, Build and Compilation
Description:
Debugging information should not make its way into a production release.
Phase: Implementation, Build and Compilation
Description:
Debugging information should not make its way into a production release.
CVE References
- CVE-2005-1745
- Infoleak of sensitive information in error message (physical access required).