Tag Archives: Exposure of Sensitive Information to an Unauthorized Actor

CWE

CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor

Read Time:1 Minute, 47 Second

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-668

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References

  • CVE-2001-1483
    • Enumeration of valid usernames based on inconsistent responses
  • CVE-2001-1528
    • Account number enumeration via inconsistent responses.
  • CVE-2004-2150
    • User enumeration via discrepancies in error messages.
  • CVE-2005-1205
    • Telnet protocol allows servers to obtain sensitive environment information from clients.
  • CVE-2002-1725
    • Script calls phpinfo(), revealing system configuration to web user
  • CVE-2002-0515
    • Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
  • CVE-2004-0778
    • Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
  • CVE-2000-1117
    • Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
  • CVE-2003-0190
    • Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
  • CVE-2008-2049
    • POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness.
  • CVE-2007-5172
    • Program reveals password in error message if attacker can trigger certain database errors.
  • CVE-2008-4638
    • Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).
  • CVE-2007-1409
    • Direct request to library file in web application triggers pathname leak in error message.
  • CVE-2005-0603
    • Malformed regexp syntax leads to information exposure in error message.
  • CVE-2003-1078
    • FTP client with debug option enabled shows password to the screen.