logo

Insertion of Sensitive Information Into Sent Data

Draft Base
Structure: Simple
Description

This vulnerability occurs when an application sends data to an external party, but accidentally includes sensitive information—like passwords, keys, or personal data—that the recipient should not be able to access.

This vulnerability occurs when an application sends data to an external party, but accidentally includes sensitive information—like passwords, keys, or personal data—that the recipient should not be able to access.
Extended Description

This flaw often happens because of overly broad data selection or logging mechanisms that package more information than necessary for a given transaction. For example, an API response might return an entire user object, including internal fields like hashed passwords or security questions, instead of just the needed profile data. Developers should carefully review all data payloads sent to clients, third-party services, or logs, ensuring they follow the principle of least privilege and expose only what is explicitly required. Catching these leaks manually is challenging, as sensitive data can be buried deep in nested objects or only appear under specific conditions. While SAST tools can flag patterns of data exposure, Plexicus uses AI to analyze data flows in context and suggest precise code fixes—such as implementing stricter output filters or using data sanitization libraries—saving hours of manual review and reducing the risk of accidental disclosure across your entire application stack.
Common Consequences 1
Scope: Confidentiality

Impact: Read Files or DirectoriesRead MemoryRead Application Data

Sensitive data may be exposed to attackers.
Detection Methods 1
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Potential Mitigations 4
Phase: Requirements
Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Phase: Implementation
Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.
Phase: System Configuration
Setup default error messages so that unexpected errors do not disclose sensitive information.
Phase: Architecture and Design

Strategy: Separation of Privilege

Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Demonstrative Examples 1

ID : DX-129

The following is an actual MySQL error statement:

Code Example:

Result
SQL
sql
The error clearly exposes the database credentials.
Observed Examples 1
CVE-2022-0708Collaboration platform does not clear team emails in a response, allowing leak of email addresses
References 1
The CLASP Application Security Process
Secure Software, Inc.
2005
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf(2024-11-17)
ID: REF-18
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Attack Patterns
Related Weaknesses
ChildOf: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
CanAlsoBe: Generation of Error Message Containing Sensitive Information (CWE-209)
CanAlsoBe: Exposure of Sensitive Information Through Data Queries (CWE-202)
Taxonomy Mapping
  • CLASP
Notes
OtherSensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).