CWE•Base•Incomplete•3 recent CVEs
CWE-1295Debug Messages Revealing Unnecessary Information
Description
The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.
[object Object]
Common consequences
- Confidentiality,Integrity,Availability,Access Control,Accountability,Authentication,Authorization,Non-Repudiation→Read Memory,Bypass Protection Mechanism,Gain Privileges or Assume Identity,Varies by Context
Potential mitigations
- ImplementationEnsure that a debug message does not reveal any unnecessary information during the debug process for the intended response.