Exposure of Sensitive Data Through Data Queries
Description When trying to keep information confidential, an attacker can often infer some of the information by using statistics. Extended DescriptionIn situations where data should not be tied to individual users, but a large number of users should be able to make queries that "scrub" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user. Likelihood of Exploit: Medium Applicable PlatformsLanguage Class: All Time Of Introduction
Related Attack Patterns Common Consequences
Detection MethodsNone Potential Mitigations
Relationships
Demonstrative Examples (Details) White Box Definitions None Black Box Definitions None Taxynomy Mappings
References:None |