CWE-540Inclusion of Sensitive Information in Source Code

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-540
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Inclusion of Sensitive Information in Source Code

描述

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.

常见后果

范围:
Confidentiality
影响:
Read Application Data

相关 CWE

相关警报