CWE-201
Overview
- CWE ID
- 201
- CWE Name
- Insertion of Sensitive Information Into Sent Data
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Draft
Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Extended Description
Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).