Tag Archives: CWE- 531

CWE-531 – Inclusion of Sensitive Information in Test Code

Read Time:22 Second

Description

Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.

Modes of Introduction:

– Testing

 

 

Related Weaknesses

CWE-540

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

Phase: Distribution, Installation

Description: 

Remove test code before deploying the application into production.

CVE References