The product performs an indexing routine against private documents, but does not sufficiently verify that the actors who can access the index also have the privileges to access the private documents. When an indexing routine is applied against a group of private documents, and that index's results are available to outsiders who do not have access to those documents, then outsiders might be able to obtain sensitive information by conducting targeted searches. The risk is especially dangerous if search results include surrounding text that was not part of the search query. This issue can appear in search engines that are not configured (or implemented) to ignore critical files that should remain hidden; even without permissions to download these files directly, the remote user could read them. 1000 699 Weakness ChildOf 200 888 Category ChildOf 895 Architecture and Design Implementation Confidentiality Read application data This weakness is probably under-studied and under-reported Insecure Indexing 48 Anonymous Tool Vendor (under NDA) Eric Dalci Cigital 2008-07-01 updated Time_of_Introduction CWE Content Team MITRE 2008-09-08 updated Description, Relationships, Other_Notes, Taxonomy_Mappings CWE Content Team MITRE 2009-10-29 updated Other_Notes, Research_Gaps CWE Content Team MITRE 2010-02-16 updated Taxonomy_Mappings CWE Content Team MITRE 2011-03-29 updated Name CWE Content Team MITRE 2011-06-01 updated Common_Consequences CWE Content Team MITRE 2012-05-11 updated Relationships Information Leak Through Insecure Indexing Information Leak Through Indexing of Private Data