[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

File and Directory Information Exposure

ID: 538Date: (C)2012-05-14   (M)2017-08-08
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Implementation
  • Operation

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Confidentiality
 
Read files or directories
 
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Architecture and Design
Operation
System Configuration
 
 Do not expose file and directory information to the user.
 
  

Relationships

Related CWETypeViewChain
CWE-538 ChildOf CWE-895 Category CWE-888  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:

  1. Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 12: Information Leakage." Page 191'. Published on 2010.

© 2013 SecPod Technologies