CWE-210 Individual Dictionary Definition (Draft 9)

| Weakness ID | 210 (Weakness Base) |
|---|---|
| Status | Draft |
| Description | Summary: The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information. |
| Functional Area | Non-specific |
| Potential Mitigations | Implementation: Any error should be parsed for dangerous revelations. Build: Debugging information should not make its way into a production release. Handle exceptions internally and do not display errors containing potentially sensitive information to a user. Create default error pages if necessary. |
| Observed Examples | Reference: CVE-2005-1745. Description: Infoleak of sensitive information in error message (physical access required). |
| Context Notes | Attack: trigger error, monitor responses. |
| Relationships | |
| Source Taxonomies | PLOVER - Product-Generated Error Message Infoleak |
| Applicable Platforms | All |
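The mitigations above, shown as an added example that is not part of the CWE entry: a handler that writes its own revealing error message, the same handler returning a default message while keeping the detail in an internal log, and a check that parses outgoing error text for revealing content. All names, the DSN, the config path and the pattern list are constructed for illustration.

```python
import logging
import re
import uuid

log = logging.getLogger("app.errors")

# Constructed configuration value for the example (not from any real system).
DB_DSN = "postgresql://report_user:S3cretPw@10.0.4.17:5432/billing"

# Assumed pattern list for flagging revealing error text before release.
SENSITIVE = [
    re.compile(r"\w+://[^\s:/]+:[^\s@]+@"),        # credentials in a URL or DSN
    re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"),    # IP address
    re.compile(r"(?:/[\w.-]+){2,}|[A-Za-z]:\\"),   # filesystem path
    re.compile(r'Traceback|File ".*", line'),      # stack trace fragment
]

def load_invoice(invoice_id):
    # Stand-in for a backend call that fails.
    raise ConnectionError(f"could not connect to {DB_DSN}")

def handle_weak(invoice_id):
    """CWE-210: the product builds its own message and embeds internals."""
    try:
        return 200, load_invoice(invoice_id)
    except Exception as exc:
        return 500, f"Invoice {invoice_id} failed: {exc} (config /etc/app/db.ini)"

def handle_hardened(invoice_id):
    """Handle internally: detail goes to the log, the user gets a default message."""
    try:
        return 200, load_invoice(invoice_id)
    except Exception:
        incident = uuid.uuid4().hex[:12]  # lets support find the log entry
        log.exception("invoice lookup failed incident=%s id=%r", incident, invoice_id)
        return 500, f"The request could not be completed. Reference: {incident}"

def revealing(message):
    """Return the patterns that match an outgoing error message."""
    return [p.pattern for p in SENSITIVE if p.search(message)]

if __name__ == "__main__":
    for handler in (handle_weak, handle_hardened):
        status, body = handler(42)
        print(handler.__name__, status, body, revealing(body))
```

Running `revealing` over every user-facing error string in a test suite gives the "parse errors for dangerous revelations" step a concrete pass/fail result.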