CWE-201 - Insertion of Sensitive Information Into Sent Data
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2024-11-19
Weakness Name
Insertion of Sensitive Information Into Sent Data
Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Common Consequences
Scope: Confidentiality
Impact: Read Files or Directories, Read Memory, Read Application Data
Notes: Sensitive data may be exposed to attackers.
Related Weaknesses
CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh
CWE-202Exposure of Sensitive Information Through Data QueriesMedium
CWE-209Generation of Error Message Containing Sensitive InformationHigh
Related Alerts
Big Redirect Detected (Potential Sensitive Information Leak)Low
Multiple HREFs Redirect Detected (Potential Sensitive Information Leak)Low