CWE-550 - Server-generated Error Message Containing Sensitive Information
- Abstraction:Variant
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Server-generated Error Message Containing Sensitive Information
Description
Certain conditions, such as network failure, will cause a server error message to be displayed.
While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Related Weaknesses
CWE-209Generation of Error Message Containing Sensitive InformationHigh