CWE • Variant • Incomplete • 1 recent CVE
CWE-541: Inclusion of Sensitive Information in an Include File
Description
If the source of an include file is accessible, anything stored in that file can be read, including usernames and passwords as well as sensitive information pertaining to the application and system.
Common consequences
- Confidentiality → Read Application Data
Potential mitigations
- Architecture and Design: Do not store sensitive information in include files.
- Architecture and Design, System Configuration: Protect include files from being exposed.
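One way to audit for this weakness, as an added example that is not part of the CWE entry: walk a web document root and report include files that hold credential-like assignments. The `.inc` extension, the keyword pattern, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: include files use an extension the web server may return as
# plain text instead of executing (".inc" is a common convention).
INCLUDE_EXTS = (".inc",)

# Assumption: a credential-like assignment such as $db_pass = "..." or password: ...
SECRET_RE = re.compile(
    r"""(?i)(pass(?:word|wd)?|secret|api_?key|user(?:name)?)\w*\s*(?:=>|=|:)\s*['"]?[^'"\s;]+"""
)

def find_sensitive_includes(docroot, exts=INCLUDE_EXTS):
    """Return sorted (relative path, line number, keyword) for each hit.

    The matched value is deliberately not returned, so the report itself
    does not become another copy of the secret.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    match = SECRET_RE.search(line)
                    if match:
                        rel = os.path.relpath(path, docroot)
                        findings.append((rel, lineno, match.group(1).lower()))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed document root for the demonstration."""
    root = tempfile.mkdtemp(prefix="cwe541_")
    os.makedirs(os.path.join(root, "includes"))
    samples = {
        "index.php": '<?php include "includes/database.inc"; ?>\n',
        os.path.join("includes", "layout.inc"): "<div id='header'></div>\n",
        os.path.join("includes", "database.inc"):
            '<?php\n$db_host = "localhost";\n$db_user = "app";\n'
            '$db_pass = "constructed-example";\n',
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, lineno, keyword in find_sensitive_includes(build_sample_tree()):
        print(f"{rel}:{lineno}: credential-like assignment ({keyword})")
```

Each hit is a candidate for both mitigations: move the value out of the include file, and move or protect the file so the server never returns its source.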