Information Exposure
Description
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Extended Description
The information either is regarded as sensitive within the product's own functionality, such as a private message; or provides information about the product or its environment that could be useful in an attack but is normally not available to the attacker, such as the installation path of a product that is remotely accessible.

Many information exposures are resultant (e.g. PHP script error revealing the full path of the program), but they can also be primary (e.g. timing discrepancies in cryptography). There are many different types of problems that involve information exposures. Their severity can range widely depending on the type of information that is revealed.

Likelihood of Exploit: High

Applicable Platforms
Language Class: All

Time Of Introduction
Related Attack Patterns

Common Consequences

Detection Methods
None

Potential Mitigations

Relationships

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

References: None
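The resultant exposure named in the Extended Description (an error message revealing the program's full path), shown beside a hardened handler, as an added example that is not part of the original entry. The handler names, the `/opt/acme` path and the path-matching regex are constructed for illustration.

```python
import logging
import re
import traceback
import uuid

log = logging.getLogger("app.errors")

# Matches absolute POSIX and Windows paths that commonly appear in error text.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|/)(?:[\w.\-]+[\\/])+[\w.\-]+")


def load_report(name):
    """Hypothetical handler body: fails with an error that embeds a server path."""
    # Constructed installation path, for illustration only.
    path = "/opt/acme/app/reports/" + name
    raise FileNotFoundError(2, "No such file or directory", path)


def respond_verbose(name):
    """Weak pattern: the exception text and traceback go straight to the client."""
    try:
        return 200, load_report(name)
    except Exception:
        return 500, traceback.format_exc()


def respond_hardened(name):
    """Detail is logged server-side; the client gets a generic body and an ID."""
    try:
        return 200, load_report(name)
    except Exception:
        incident = uuid.uuid4().hex
        # Full traceback stays in the server log, keyed by the incident ID.
        log.exception("request failed incident=%s", incident)
        return 500, "Internal error. Reference: " + incident


def leaked_paths(body):
    """Check usable in a test suite: absolute paths present in a response body."""
    return PATH_RE.findall(body)
```

Running `leaked_paths` over error responses in an integration test catches a regression where a new handler starts returning raw exception text.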