Exposure of Sensitive Information Due to Incompatible Policies

Status: Draft
Abstraction: Base
Structure: Simple

Description

This weakness occurs when a product's data handling conforms to the developer's own security policy but nevertheless reveals information that other stakeholders, such as users or administrators, consider confidential. In short, the developer's policy is incompatible with the security expectations of the people who use or manage the product.

Extended Description

When building software, developers must recognize that different groups have their own security expectations for the data involved. Users, administrators, and other stakeholders each have an implicit "security contract" they expect the product to honor. A vulnerability arises when the developer's internal policy treats certain information as non-sensitive, while these other parties rely on it being kept private. To prevent this, you need to proactively identify all data stakeholders and understand what they consider confidential, even if your own design doesn't mark it as such. This means looking beyond your immediate requirements and validating data handling against the real-world privacy and security needs of everyone affected by the system.

Common Consequences
Scope: Confidentiality

Impact: Read Application Data

Demonstrative Examples

ID: DX-130

This code displays some information on a web page.

Code Example: Bad (JSP)
The code displays a user's credit card and social security numbers, even though they aren't absolutely necessary.
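The pattern the entry describes, rendered in Python rather than the entry's own JSP (this is an added example, not the CWE's code): a page renderer that honours only the developer's policy beside one that honours the union of every stakeholder's policy, plus a check that reports which protected fields still leak. The policy sets, field names and sample record are constructed for illustration.

```python
# Added example, not the CWE entry's own JSP snippet: a profile renderer that
# applies the union of every stakeholder's confidentiality policy.
# Field names, policies and the sample record are constructed for this example.

# The developer's own (Intended) policy marks only the password as sensitive.
DEVELOPER_POLICY = {"password"}
# What other stakeholders expect to stay private (constructed policy inputs).
USER_POLICY = {"credit_card", "ssn"}
ADMIN_POLICY = {"internal_account_id"}

# Constructed sample record; no real data.
SAMPLE_RECORD = {
    "name": "Alice Example",
    "ssn": "123-45-6789",
    "credit_card": "4111111111111111",
    "internal_account_id": "acct-00042",
    "password": "hunter2",
}

def effective_policy(*policies):
    """The fields the product must protect are the union of every
    stakeholder's confidential set, not the developer's set alone."""
    return set().union(*policies)

def mask(name, value):
    """Keep only what a page legitimately needs: the last four characters."""
    if name in ("credit_card", "ssn"):
        return "*" * (len(value) - 4) + value[-4:]
    return "[redacted]"

def render_profile_bad(record):
    """Vulnerable: honours only the developer's policy, so the credit card
    and SSN are written to the page in full (the CWE-213 pattern)."""
    return {k: ("[redacted]" if k in DEVELOPER_POLICY else v)
            for k, v in record.items()}

def render_profile(record, policy):
    """Hardened: masks every field that any stakeholder considers sensitive."""
    return {k: (mask(k, v) if k in policy else v) for k, v in record.items()}

def policy_violations(record, rendered, policy):
    """Check: fields whose raw value still appears in the output although
    the effective policy protects them. Suitable as a CI regression test."""
    return sorted(k for k in policy
                  if k in record and rendered.get(k) == record[k])
```

Running `policy_violations` against the output of each renderer shows the bad one leaking credit_card, internal_account_id and ssn while the hardened one leaks nothing.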
Observed Examples

  • CVE-2002-1725: Script calls phpinfo()
  • CVE-2004-0033: Script calls phpinfo()
  • CVE-2003-1181: Script calls phpinfo()
  • CVE-2004-1422: Script calls phpinfo()
  • CVE-2004-1590: Script calls phpinfo()
  • CVE-2003-1038: Product lists DLLs and full pathnames.
  • CVE-2005-1205: Telnet protocol allows servers to obtain sensitive environment information from clients.
  • CVE-2005-0488: Telnet protocol allows servers to obtain sensitive environment information from clients.
Applicable Platforms

Languages:
  • Not Language-Specific: Undetermined

Modes of Introduction
  • Policy
  • Requirements
  • Architecture and Design
  • Implementation
Taxonomy Mapping
  • PLOVER
Notes

Maintenance: This entry is being considered for deprecation. It overlaps many other entries related to information exposures. It might not be essential to preserve this entry, since other key stakeholder policies are covered elsewhere, e.g. personal privacy leaks (Exposure of Private Personal Information to an Unauthorized Actor) and system-level exposures that are important to system administrators (Exposure of Sensitive System Information to an Unauthorized Control Sphere).

Theoretical: In vulnerability theory terms, this covers cases in which the developer's Intended Policy allows the information to be made available, but the information might be in violation of a Universal Policy in which the product's administrator should have control over which information is considered sensitive and therefore should not be exposed.