The accidental exposure of sensitive information through sent data refers to the transmission of data which are either sensitive in and of itself or useful in the further exploitation of the system through standard data channels.
Time of Introduction
Technical Impact: Read files or
directories; Read memory; Read application data
Sensitive data may be exposed to attackers.
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user:
'root@localhost' (Using password: N1nj4) in
/usr/local/www/wi-data/includes/database.inc on line 4
The error clearly exposes the database credentials.
Specify which data in the software should be regarded as sensitive.
Consider which types of users should have access to which types of
Ensure that any possibly sensitive data specified in the requirements
is verified with designers to ensure that it is either a calculated risk
or mitigated elsewhere. Any information that is not necessary to the
functionality should be removed in order to lower both the overhead and
the possibility of security sensitive data being sent.
Phase: System Configuration
Setup default error messages so that unexpected errors do not disclose
Phase: Architecture and Design
Strategy: Separation of Privilege
Compartmentalize the system to have "safe" areas where trust
boundaries can be unambiguously drawn. Do not allow sensitive data to go
outside of the trust boundary and always be careful when interfacing
with a compartment outside of the safe area.
Ensure that appropriate compartmentalization is built into the system
design and that the compartmentalization serves to allow for and further
reinforce privilege separation functionality. Architects and designers
should rely on the principle of least privilege to decide when it is
appropriate to use and to drop system privileges.