CWE Individual Dictionary Definition (1.0.1)

CWE-214: Process Environment Information Leak

Status: Incomplete
Weakness ID: 214 (Weakness Variant)
Description
Summary

A process is invoked with sensitive arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Extended Description

Many operating systems allow a user to list information about processes that are owned by other users. This information could include command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the software or related resources.

Affected Resources
* System Process
Potential Mitigations

Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.

Demonstrative Examples

In the Java example below, the password for a keystore file is read from a system property. If the property is defined on the command line when the program is invoked (using the -D... syntax), the password may be displayed in the OS process list.

Java Example:
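// The property value is visible in the process list when it is supplied
// on the command line with -Djavax.net.ssl.keyStorePassword=...
String keystorePass = System.getProperty("javax.net.ssl.keyStorePassword");
if (keystorePass == null) {
    System.err.println("ERROR: Keystore password not specified.");
    System.exit(-1);
}
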
...
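
An added example, not part of the CWE entry: a Python audit helper that checks argument vectors and environment blocks, in the NUL-separated layout Linux exposes under /proc/<pid>/cmdline and /proc/<pid>/environ, for entries that look like secrets and reports them with the value redacted. The name pattern, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import os
import re

# Assumed, illustrative pattern for argument/variable names that carry secrets.
SENSITIVE = re.compile(
    r"passw(or)?d|passphrase|(store|key)pass|secret|token|api[-_]?key", re.I)

def parse_nul_block(raw):
    """Split the NUL-separated layout of /proc/<pid>/cmdline and environ."""
    return [p.decode("utf-8", "replace") for p in raw.split(b"\0") if p]

def find_exposed(items):
    """Return redacted descriptions of entries that appear to hold a secret."""
    hits, i = [], 0
    while i < len(items):
        name, sep, value = items[i].partition("=")
        if sep and value and SENSITIVE.search(name):
            hits.append(name + "=<redacted>")          # -Dprop=value, VAR=value
        elif (not sep and name.startswith("-") and SENSITIVE.search(name)
              and i + 1 < len(items) and not items[i + 1].startswith("-")):
            hits.append(name + " <redacted>")          # --option value
            i += 1                                     # skip the value itself
        i += 1
    return hits

def scan_proc(root="/proc"):
    """Audit the command line of every readable process; returns {pid: hits}."""
    report = {}
    for entry in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, entry, "cmdline"), "rb") as f:
                hits = find_exposed(parse_nul_block(f.read()))
        except OSError:
            continue                                   # exited or unreadable
        if hits:
            report[int(entry)] = hits
    return report

# Constructed samples (not captured from a real system).
SAMPLE_JAVA = b"java\0-Djavax.net.ssl.keyStorePassword=changeit\0-jar\0app.jar\0"
SAMPLE_TOOL = b"sometool\0--batch\0--passphrase\0hunter2\0-d\0file.enc\0"
SAMPLE_ENV = b"PATH=/usr/bin\0DB_PASSWORD=s3cr3t\0HOME=/home/app\0"

if __name__ == "__main__":
    for sample in (SAMPLE_JAVA, SAMPLE_TOOL, SAMPLE_ENV):
        print(find_exposed(parse_nul_block(sample)))
```

The name pattern is a heuristic, so a hit is a prompt to review how that process receives its credential, not proof of a leak.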
Observed Examples
* PGP passphrase provided as command line argument.
* Username/password on command line allows local users to view via "ps" or other process listing programs.
* Kernel race condition allows reading of environment variables of a process that is still spawning.
* Username/password on command line allows local users to view via "ps" or other process listing programs.
* Password passed on command line.
* Password passed on command line.
Other Notes

This can be an externally controlled infoleak, but some protection mechanisms may exist that could make it internally controlled.

Research Gaps

Under-studied, especially environment variables.

Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 200 | Information Leak (Information Disclosure) | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Category | 634 | Weaknesses that Affect System Processes | Resource-specific Weaknesses (primary) 631
Taxonomy Mappings
Mapped Taxonomy Name | Mapped Node Name
PLOVER | Process information infoleak to other processes
Applicable Platforms
Languages
All
Time of Introduction
* Architecture and Design
* Implementation
* Operation
Content History
Submissions
PLOVER. (Externally Mined)
Modifications
Sean Eidemiller. Cigital. 2008-07-01. (External)
added/updated demonstrative examples
Eric Dalci. Cigital. 2008-07-01. (External)
updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships, Taxonomy_Mappings
CWE Content Team. MITRE. 2008-10-14. (Internal)
updated Description, Other_Notes
Previous Entry Names
* Process Information Leak to Other Processes (changed 2008-04-11)
Page Last Updated: October 16, 2008