Greetings everyone! Hope all is going well. In this blog we will discuss CWE-200: Exposure of Sensitive Information, and how this issue can critically impact our web applications, Android applications, etc.
Sensitive data means users' PII, user credentials, user information, or web administrator data whose exposure causes impact for a web application. This vulnerability exists when an application is poorly configured or poorly designed, whether in the backend or the frontend. It allows a bad actor to apply different techniques to gain access to that data, which leads to a loss of confidentiality: the bad actor is able to find sensitive data such as users' personal information, user credentials, database information, or hard-coded data belonging to the targeted web application.
Common issues, and the information that may be exposed, due to weak design implementation:
1. Enumeration of valid usernames
2. Account number or ID enumeration through inconsistent responses.
3. User enumeration via error messages
4. phpinfo() revealing system configuration to web users
5. The product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
6. Passwords exposed in a debug environment
7. User data not properly stored, so that a bad actor can easily manipulate it
8. An FTP client with the debug option enabled shows the password on the screen.
9. Stored user credentials that can easily be accessed with directory busting
10. Sensitive API keys exposed through the frontend due to poor design
11. Developer details exposed through a third-party repository
12. User data that can be accessed through IDOR due to weak design implementation.
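Items 1, 3 and 5 above share one root cause: the login code answers differently depending on whether the username exists. The following is an added example, not code from the original post, showing a leaky login check beside a hardened one that returns a single message and does the same amount of work for unknown and known users. The user store, salt, messages and function names are constructed for illustration.

```python
# Added example (not from the original post): a login check that leaks
# account existence through inconsistent messages and an early return,
# beside a hardened version that gives one response and does equal work.
import hashlib
import hmac

SALT = b"constructed-static-salt"  # constructed; real code uses a random per-user salt

def hash_password(password: str) -> bytes:
    # PBKDF2 so that every hash computation has the same, measurable cost
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)

# Constructed user store: username -> password hash
USERS = {"alice": hash_password("correct horse battery staple")}

# Hash of a dummy password, computed against when the username is unknown
# so that the request costs the same time as one for a real user
DUMMY_HASH = hash_password("dummy-password-never-valid")

def login_leaky(username: str, password: str) -> str:
    """Vulnerable: distinct messages and an early return reveal valid usernames."""
    stored = USERS.get(username)
    if stored is None:
        return "No such user"               # user enumeration via error message
    if hash_password(password) == stored:   # also skipped entirely for unknown users
        return "OK"
    return "Wrong password"                 # different text confirms the account

def login_hardened(username: str, password: str) -> str:
    """Fixed: same message and same work whether or not the username exists."""
    stored = USERS.get(username, DUMMY_HASH)
    # Always hash and always compare, in constant time, before deciding
    valid = hmac.compare_digest(hash_password(password), stored)
    if username in USERS and valid:
        return "OK"
    return "Invalid username or password"   # one generic message for both failures
```

The `username in USERS` check in the hardened version prevents the dummy password from ever logging in a non-existent account, while the hash and comparison have already run before that check, so the timing does not depend on the username.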
These are the points against which we can check for exposure of sensitive data, which leads to data exposure, data theft and data manipulation. Sensitive data exposure is a very critical security loophole for a web application.
Reference : https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
Thanks for reading... See you in another blog!
Stick With Our Blog : https://securiumsolutions.com/
Author : Pallab Jyoti Borah | VAPT Analyst