Tag Archives: Server-generated Error Message Containing Sensitive Information

CWE-550 – Server-generated Error Message Containing Sensitive Information

Read Time:33 Second

Description

Certain conditions, such as network failure, will cause a server error message to be displayed.

While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-209

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

Phase: Architecture and Design, System Configuration

Description: 

Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed.

CVE References