Exposure of sensitive information to an unauthorized actor
This weakness describes intentional or unintentional disclosure of information that is considered sensitive. First of all it affects confidentiality of data.
The information is considered sensitive when:
It is sensitive within the product functionality (e.g. information with restricted access, private messages, etc.)
It contains data about the product itself, its environment or the related system that is not intended be disclosed by the application.
The vulnerability is introduced during Architecture and Design, Implementation stages.
The information is considered sensitive when:
It is sensitive within the product functionality (e.g. information with restricted access, private messages, etc.)
It contains data about the product itself, its environment or the related system that is not intended be disclosed by the application.
The vulnerability is introduced during Architecture and Design, Implementation stages.