Read Time:22 Second
Description
If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Confidentiality: Read Application Data
Potential Mitigations
Phase: Architecture and Design
Description:
Do not store sensitive information in include files.
Phase: Architecture and Design, System Configuration
Description:
Protect include files from being exposed.