Tag Archives: Exposure of Sensitive Information Due to Incompatible Policies

CWE-213 – Exposure of Sensitive Information Due to Incompatible Policies

Read Time:40 Second

Description

The product’s intended functionality exposes information to certain actors in accordance with the developer’s security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product’s administrator, users, or others whose information is being processed.

Modes of Introduction:

– Policy

 

 

Related Weaknesses

CWE-200

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

CVE References

  • CVE-2005-1205
    • Telnet protocol allows servers to obtain sensitive environment information from clients.
  • CVE-2005-0488
    • Telnet protocol allows servers to obtain sensitive environment information from clients.