CWE-201: Insertion of Sensitive Information Into Sent Data
ID
CWE-201
Abstraction
Base
Structure
Simple
Status
Draft
Number of CVEs
49
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Not Language-Specific |
Relationships
| View | Weakness | |||||||
|---|---|---|---|---|---|---|---|---|
| # ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
| CWE-1000 | Research Concepts | Draft | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Class | Simple | Draft | |
| CWE-1000 | Research Concepts | Draft | CWE-209 | Generation of Error Message Containing Sensitive Information | Base | Simple | Draft | |
| CWE-1000 | Research Concepts | Draft | CWE-202 | Exposure of Sensitive Information Through Data Queries | Base | Simple | Draft | |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org| # ID | Name | Weaknesses |
|---|---|---|
| CAPEC-12 | Choosing Message Identifier | CWE-201 |
| CAPEC-217 | Exploiting Incorrectly Configured SSL/TLS | CWE-201 |
| CAPEC-612 | WiFi MAC Address Tracking | CWE-201 |
| CAPEC-613 | WiFi SSID Tracking | CWE-201 |
| CAPEC-618 | Cellular Broadcast Message Request | CWE-201 |
| CAPEC-619 | Signal Strength Tracking | CWE-201 |
| CAPEC-621 | Analysis of Packet Timing and Sizes | CWE-201 |
| CAPEC-622 | Electromagnetic Side-Channel Attack | CWE-201 |
| CAPEC-623 | Compromising Emanations Attack | CWE-201 |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...