CWE-537 – Java Runtime Error Message Containing Sensitive Information

Description

In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-211

Consequences

Confidentiality: Read Application Data

Potential Mitigations

Phase: Implementation

Description: 

Do not expose sensitive error information to the user.
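
The following is an added example, not part of the CWE entry: it contrasts a handler that returns the Java runtime exception text to the user with one that logs the detail on the server and returns only a generic message. The class, method names, file path and account name are hypothetical and constructed for illustration.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ErrorMessageDemo {
    private static final Logger LOG = Logger.getLogger(ErrorMessageDemo.class.getName());

    // Constructed stand-in for application code that fails at runtime; the
    // exception message carries internal detail (a file path and account name).
    static String loadProfile(String userId) {
        throw new IllegalStateException(
            "cannot read /srv/app/data/profiles.db as svc_profile for user " + userId);
    }

    // Weak: the runtime exception text is returned to the caller verbatim.
    static String handleUnsafe(String userId) {
        try {
            return loadProfile(userId);
        } catch (RuntimeException e) {
            return "Error: " + e; // class name and message reach the user
        }
    }

    // Hardened: full detail goes to the server log under a reference id;
    // the user sees only a generic message and that id.
    static String handleSafe(String userId) {
        try {
            return loadProfile(userId);
        } catch (RuntimeException e) {
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "request failed, ref=" + ref, e);
            return "An internal error occurred. Reference: " + ref;
        }
    }

    public static void main(String[] args) {
        System.out.println(handleUnsafe("1001")); // leaks path and account name
        System.out.println(handleSafe("1001"));   // generic text plus reference id
    }
}
```

The reference id lets support staff find the full stack trace in the server log without any of it appearing in the response.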

CVE References