CWE

Exposure of Core Dump File to an Unauthorized Control Sphere

ID: 528		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

The product generates a core dump file in a directory that is accessible to actors outside of the intended control sphere.

Applicable Platforms
None

Time Of Introduction

• Implementation
• Operation

Common Consequences

Scope	Technical Impact	Notes
Confidentiality	Read application data Read files or directories

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
System Configuration		Protect the core dump files from unauthorized access.

Relationships

Related CWE	Type	View	Chain
CWE-528 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
Anonymous Tool Vendor (under NDA)
CERT C Secure Coding	MEM06-C	Ensure that sensitive data is not written out to disk
CERT C++ Secure Coding	MEM06-CPP	Ensure that sensitive data is not written out to disk

References:
None