Abstraction: Base · Status: Incomplete

CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

Category: data-exposure

Description

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

Common consequences (1)

  • Confidentiality — Read Files or Directories, Read Application Data
    Sensitive data may be exposed to an unauthorized actor in another control sphere. This may have a wide range of secondary consequences that will depend on what data is exposed. One possibility is the exposure of system data - such as file locations, software versions, or device data - that allow an attacker to craft a specific, more effective attack. Alternately, insufficient redaction of Private Personal Information (PPI), Personally Identifiable Information (PII), or other types of information might not harm the secure operation of the product itself, but could be violations of expectations by the product's users.

Potential mitigations (5)

  • [Requirements] Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties.
  • [Architecture and Design]
  • [Implementation, Operation]
  • [Implementation] Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
  • [Implementation] Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state.
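As an added illustration of the two implementation mitigations above (strong types that flag sensitive data, and cleansing the record before it is exported), not code from MITRE or from this page: a Python sketch in which every class, function and sample value is hypothetical and constructed for the example.

```python
from dataclasses import dataclass, fields, is_dataclass
from typing import Any
import json

class Sensitive:
    """Marks a value that must be cleansed before its record leaves the control sphere."""
    def __init__(self, value: Any) -> None:
        self._value = value
    def reveal(self) -> Any:  # the only (greppable) way to read the raw value
        return self._value
    def __repr__(self) -> str:  # keeps the value out of logs and tracebacks
        return "Sensitive(<redacted>)"

@dataclass
class Profile:
    username: str                  # safe to publish
    software_version: Sensitive    # system data that helps craft a targeted attack

@dataclass
class Customer:
    customer_id: int
    profile: Profile
    email: Sensitive               # PII
    national_id: Sensitive         # PII

class SensitiveLeak(Exception): "Raised when a Sensitive value reaches the export path uncleansed."

def cleanse(obj: Any) -> Any:
    """Copy obj into plain dicts with every Sensitive value replaced by a placeholder."""
    if isinstance(obj, Sensitive):
        return "<redacted>"
    if is_dataclass(obj):
        return {f.name: cleanse(getattr(obj, f.name)) for f in fields(obj)}
    return obj

def _fail_closed(o: Any) -> Any:
    if isinstance(o, Sensitive):
        raise SensitiveLeak("sensitive value reached the export path")
    if is_dataclass(o):  # expand fields as-is so a nested Sensitive is still caught
        return {f.name: getattr(o, f.name) for f in fields(o)}
    raise TypeError(f"not serializable: {type(o).__name__}")

def export_json(obj: Any) -> str:
    """Serialize for transfer; raises SensitiveLeak instead of leaking an uncleansed value."""
    return json.dumps(obj, default=_fail_closed, sort_keys=True)

def sample_customer() -> Customer:  # constructed sample record, not real data
    return Customer(7, Profile("alice", Sensitive("1.2.3")),
                    Sensitive("alice@example.com"), Sensitive("19800101-1234"))
```

Calling export_json(cleanse(record)) is the intended path; export_json(record) on an uncleansed record fails closed rather than shipping the PII.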

Related CAPEC attack patterns (1)

CAPEC-168

References

  1. https://cwe.mitre.org/data/definitions/212.html

Exploits (incoming, 1)

Type            Target                                              Confidence   Tier
AttackPattern   Windows ::DATA Alternate Data Stream (capec-168)    100%         live

Compliance frameworks addressing this (incoming, 2)

Type                Target              Confidence   Tier
ComplianceControl   iso27701-a.7.4.5    100%         live
ComplianceControl   iso27701-a.7.4.1    95%          live

Vulnerabilities (incoming, 2)

Type            Target                               Confidence   Tier
Vulnerability   CVE-2026-32891 (cve-2026-32891)      0%           live
Vulnerability   CVE-2026-42880 (cve-2026-42880)      0%           live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Insecure Storage of Sensitive Information
  • CWE: Insufficiently Protected Credentials
  • CWE: Missing Encryption of Sensitive Data
  • CWE: Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE: Improper Access Control

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.