What is the authoritative source for CWE-541?

Inclusion of Sensitive Information in an Include File (CWE-541) is catalogued in MITRE CWE and curated for EU compliance use cases by SQUR.

VariantIncomplete

CWE-541Inclusion of Sensitive Information in an Include File

Category: data-exposure

Description

If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.

Common consequences· 1

Confidentiality — Read Application Data

Potential mitigations· 2

[Architecture and Design]Do not store sensitive information in include files.
[Architecture and Design, System Configuration]Protect include files from being exposed.