Base · Incomplete

CWE-1295: Debug Messages Revealing Unnecessary Information

Category: config

Description

The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.

Common consequences · 1

  • Confidentiality / Integrity / Availability / Access Control / Accountability / Authentication / Authorization / Non-Repudiation — Read Memory, Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context

Potential mitigations · 1

  • [Implementation] Ensure that a debug message does not reveal any unnecessary information during the debug process for the intended response.

Related CAPEC attack patterns · 1

CAPEC-121

References

  1. https://cwe.mitre.org/data/definitions/1295.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Exploit Non-Production Interfaces (capec-121) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insertion of Sensitive Information Into Debugging Code
  • CWE: Generation of Error Message Containing Sensitive Information
  • CWE: Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE: Insertion of Sensitive Information into Log File
  • CWE: Logging of Excessive Data
  • CWE: Omission of Security-relevant Information

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.