VariantIncomplete

CWE-530Exposure of Backup File to an Unauthorized Control Sphere

Category: auth

Description

A backup file is stored in a directory or archive that is made accessible to unauthorized actors. Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.

Common consequences· 1

  • Confidentiality — Read Application Data
    At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site.

Potential mitigations· 1

  • [Policy]Recommendations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot.

References

  1. https://cwe.mitre.org/data/definitions/530.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Inclusion of Sensitive Information in Source Code
CWE
Inclusion of Sensitive Information in Source Code Comments
CWE
Unparsed Raw Web Content Delivery
CWE
Exposure of Version-Control Repository to an Unauthorized Control Sphere
CWE
Reliance on File Name or Extension of Externally-Supplied File
CWE
DEPRECATED: Information Exposure Through Server Log Files
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.