BaseDraft

CWE-210Self-generated Error Message Containing Sensitive Information

Category: data-exposure

Description

The product identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.

Common consequences· 1

  • Confidentiality — Read Application Data

Potential mitigations· 2

  • [Implementation, Build and Compilation]Debugging information should not make its way into a production release.
  • [Implementation, Build and Compilation]Debugging information should not make its way into a production release.

References

  1. https://cwe.mitre.org/data/definitions/210.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Generation of Error Message Containing Sensitive Information
CWE
Externally-Generated Error Message Containing Sensitive Information
CWE
Insertion of Sensitive Information into Log File
CWE
Insertion of Sensitive Information Into Debugging Code
CWE
Insufficient Verification of Data Authenticity
CWE
Server-generated Error Message Containing Sensitive Information
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.