[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

File and Directory Information Exposure

ID: 538Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Implementation
  • Operation

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Confidentiality
 		Read files or directories
 		 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Architecture and Design
Operation
System Configuration
 		 Do not expose file and directory information to the user.
 		  

Relationships

Related CWETypeViewChain
CWE-538 ChildOf CWE-895 Category CWE-888  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:

  1. Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 12: Information Leakage." Page 191'. Published on 2010.
CVE    10
CVE-2016-10399
CVE-2021-1406
CVE-2021-21250
CVE-2018-11798
...

© SecPod Technologies