Greetings everyone! Hope all is going well. In this blog we will discuss CWE-200: Exposure of Sensitive Information and how this issue can critically impact our web applications, Android applications, etc.
Sensitive data means user PII, user credentials, user information, or web administrator data whose exposure impacts a web application. This vulnerability exists in web applications that are poorly configured in the design phase, whether in the backend or the front end of the application. It allows a bad actor to apply different techniques to gain access to that data, which means a loss of confidentiality: a bad actor is able to find sensitive data such as users' personal information, user credentials, database information, and hard-coded data belonging to the targeted web application.
Common issues or information that may be exposed due to weak design implementation:
1. Enumeration of valid usernames
2. Account number or ID enumeration through inconsistent responses.
3. User enumeration via error messages
4. phpinfo() revealing system configuration to web users
5. Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
6. Passwords exposed in a debug environment
7. User data not properly stored, which a bad actor can easily manipulate
8. FTP client with debug option enabled shows the password on the screen.
9. Stored user credentials can easily be accessed with directory busting
10. Sensitive API keys exposed through the front end due to poor design
11. Developer details exposed through a third-party repository
12. User data can be accessed through IDOR due to weak design implementation.
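Items 1, 3 and 5 above share one root cause: a login handler that answers differently (in message or in timing) depending on whether the username exists. The following is an added example, not code from the original post; it shows a leaky handler beside a hardened one and a small check a reviewer can run to tell them apart. All usernames, passwords and the salt are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed user store for the example: username -> (salt, PBKDF2 hash).
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy credential: unknown usernames still pay for one hash computation,
# so the response time does not reveal whether the account exists.
_DUMMY_SALT = secrets.token_bytes(16)
_DUMMY_HASH = _hash(secrets.token_hex(16), _DUMMY_SALT)


def login_leaky(username: str, password: str) -> tuple[int, str]:
    """CWE-200 pattern: distinct messages plus an early return (timing)."""
    if username not in USERS:
        return (401, "user does not exist")       # reveals the account is absent
    salt, stored = USERS[username]
    if _hash(password, salt) != stored:
        return (401, "wrong password")            # reveals the account is present
    return (200, "ok")


def login_hardened(username: str, password: str) -> tuple[int, str]:
    """Same message and same amount of work whether or not the user exists."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if matches and username in USERS:
        return (200, "ok")
    return (401, "invalid username or password")  # one generic failure message


def distinguishable(handler) -> bool:
    """Review check: does a bad username get a different reply than a bad password?"""
    return handler("alice", "not-the-password") != handler("nobody", "not-the-password")


if __name__ == "__main__":
    print("leaky handler leaks account existence:", distinguishable(login_leaky))
    print("hardened handler leaks account existence:", distinguishable(login_hardened))
```

The timing half of the fix is the dummy hash; the message half is the single generic error. Both are needed, because fixing only one still leaves the other oracle open.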
These are the points we check when verifying an application against sensitive data exposure, which leads to data being exposed, stolen, or manipulated. Sensitive data exposure is a very critical security loophole for a web application.
Reference : https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
Thanks for reading... See you in another blog!
Stick with our blog: https://securiumsolutions.com/
Author
Pallab Jyoti Borah
VAPT Analyst