logo

Invocation of Process Using Visible Sensitive Information

Incomplete Base
Structure: Simple
Description

This vulnerability occurs when a process is started with sensitive data, such as passwords or API keys, passed directly in its command-line arguments or environment variables. Because this information is often visible to other processes on the system, it can be easily exposed.

Extended Description

On most operating systems, other users can list running processes and view details like command-line arguments and environment variables. If your application launches a subprocess using visible sensitive information, any user with basic system privileges could potentially see those credentials, creating a significant information leak. This exposure allows attackers to directly harvest secrets or understand your application's internal configuration, which can be the first step in a broader attack. To prevent this, sensitive data should never be passed via these visible channels; instead, use more secure methods like pipes, protected files, or inter-process communication (IPC) mechanisms designed to handle secrets.
Common Consequences 1
Scope: Confidentiality

Impact: Read Application Data
Demonstrative Examples 1
In the example below, the password for a keystore file is read from a system property.

Code Example:

Bad
Java
java
If the property is defined on the command line when the program is invoked (using the -D... syntax), the password may be displayed in the OS process list.
Observed Examples 7
CVE-2005-1387password passed on command line
CVE-2005-2291password passed on command line
CVE-2001-1565username/password on command line allows local users to view via "ps" or other process listing programs
CVE-2004-1948Username/password on command line allows local users to view via "ps" or other process listing programs.
CVE-1999-1270PGP passphrase provided as command line argument.
CVE-2004-1058Kernel race condition allows reading of environment variables of a process that is still spawning.
CVE-2021-32638Code analysis product passes access tokens as a command-line parameter or through an environment variable, making them visible to other processes via the ps command.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Operation
Functional Areas
  1. Program Invocation
Affected Resources
  1. System Process
Related Weaknesses
ChildOf: Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
Taxonomy Mapping
  • PLOVER
  • Software Fault Patterns
Notes
Research GapUnder-studied, especially environment variables.