CWE-540

Inclusion of Sensitive Information in Source Code

AI Translation Available

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

Status

incomplete

Abstraction

base

Affected Platforms

Not Technology-Specific Web Based

Extended Description

AI Translation

There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.

Technical Details

AI Translation

Common Consequences

confidentiality

Impacts

read application data

Detection Methods

automated static analysis

Potential Mitigations

Phases:

architecture and design system configuration

Descriptions:

• Recommendations include removing this script from the web server and moving it to a location not accessible from the Internet.

AI Generated Translation

Common Consequences

riservatezza

Impacts

leggere dati applicazione

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

architettura e design configurazione sistema

Descriptions:

• Le raccomandazioni includono rimuovere questo script dal server web e spostarlo in una posizione non accessibile da Internet.

CWE-540

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter