CWE-200 occurs when information that should remain confidential (e.g., system and network details about the application, or user-supplied data such as names, email addresses, and dates of birth) is accessible to parties who are not authorized to see it.
The impact of exposing sensitive information depends on the type of information that is inadvertently shown to the unauthorized party. For example, exposing user information (names, emails, credit card numbers, etc.) directly harms the end users, while exposing details of how the application works (internal paths, component versions, stack traces) gives an attacker a map for further attacks on the application itself.
There are several ways in which confidential information could be inadvertently exposed to those without proper authorization for viewing the information:
- The application explicitly inserts information into resources that unauthorized users can read, because the data were not sanitized/scrubbed to protect privacy (e.g., an API response that returns every stored field of a user's profile to any caller)
- The application reveals information (e.g., application metadata, full file paths in an unhandled stack trace) due to programming flaws
- The application relies on resources (e.g., databases) that contain sensitive information and inadvertently reveals how an unauthorized party could reach those resources (e.g., a connection string or internal hostname echoed in an error message)
Note that CWE-200 should only be used as the classification when the sensitive data exposure results from mistakes in managing, storing, transferring, or cleansing information. Exposures caused by other weaknesses, such as out-of-bounds reads or insecure file permission settings, belong under those more specific CWEs.
- Build compartmentalization into the system so that privileges can be separated; apply the principle of least privilege to decide which components may access which data, and when.
- Set up safe areas by drawing trust boundaries, and do not let sensitive data cross those boundaries. Take particular care where a secure area interfaces with other parts of the application or with third-party resources, including error messages and logs that leave it.
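The following is an added example written for this page, not code from the CWE entry or from any specific project. It shows a user-lookup handler written twice: first in a form that exposes data in the ways listed above (every stored field returned to any caller, the exception text with a database connection string and a traceback with file paths echoed to the client), then hardened with field-level least privilege and a trust boundary for error detail (an opaque message plus a correlation id for the client, the full detail kept in an internal log). The connection string, the sample users and the in-memory log sink are constructed so the example runs offline.

```python
# Added example (not part of the original page): a user-lookup endpoint written
# twice, first in a way that exposes data the way the page describes, then
# hardened with field-level scrubbing and a trust boundary for error detail.
# The DSN, users and log store below are constructed for the example.
import traceback
import uuid
from dataclasses import dataclass

# Constructed secret: the kind of resource detail that must never reach a client.
DB_DSN = "postgresql://app:s3cret@db.internal:5432/users"


@dataclass
class User:
    id: int
    name: str
    email: str  # private: only the account owner may see it
    dob: str    # private: only the account owner may see it


# Constructed sample data standing in for a database table.
USERS = {
    1: User(1, "Alice", "alice@example.com", "1990-01-02"),
    2: User(2, "Bob", "bob@example.com", "1985-07-09"),
}

# Internal log sink (a plain list so the example runs offline). Detail belongs
# here, inside the trust boundary, never in the HTTP response body.
INTERNAL_LOG = []


class DbError(Exception):
    pass


def query_user(user_id):
    """Stand-in for a database call whose error text names the resource."""
    if user_id not in USERS:
        raise DbError(f"connect {DB_DSN}: no row in users with id={user_id}")
    return USERS[user_id]


def get_user_leaky(requester_id, user_id):
    """Vulnerable: returns every stored field to any requester, and on failure
    echoes the exception (DSN with password) plus a traceback (file paths)."""
    try:
        u = query_user(user_id)
    except Exception as exc:
        return 500, {"error": str(exc), "trace": traceback.format_exc()}
    return 200, {"id": u.id, "name": u.name, "email": u.email, "dob": u.dob}


PUBLIC_FIELDS = ("id", "name")
PRIVATE_FIELDS = ("email", "dob")


def scrub(user, requester_id):
    """Field-level least privilege: private fields cross the boundary only
    when the requester is the account owner."""
    body = {f: getattr(user, f) for f in PUBLIC_FIELDS}
    if requester_id == user.id:
        body.update({f: getattr(user, f) for f in PRIVATE_FIELDS})
    return body


def get_user_hardened(requester_id, user_id):
    """Hardened: opaque error plus a correlation id for the client; the
    resource detail is logged internally where operators can look it up."""
    try:
        u = query_user(user_id)
    except DbError as exc:
        ref = uuid.uuid4().hex[:12]
        INTERNAL_LOG.append(f"ref={ref} user lookup failed: {exc}")
        return 404, {"error": "user not found", "ref": ref}
    return 200, scrub(u, requester_id)


if __name__ == "__main__":
    print(get_user_leaky(2, 99))      # leaks the DSN and a traceback
    print(get_user_hardened(2, 99))   # opaque error with a reference id
    print(get_user_hardened(2, 1))    # only public fields for another user
    print(get_user_hardened(1, 1))    # the owner sees their own private fields
```

The hardened version keeps the two halves of the mitigation separate: `scrub` decides which fields may leave the trust boundary based on who is asking, and the error path decides that nothing about the backing resource leaves it at all, replacing the detail with a reference the operator can match against the internal log.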
- CWE-200 encompasses issues related to the unauthorized access of sensitive data due to the way an application manages, stores, transfers, and cleanses information
- In addition to sanitizing information (such as user data), techniques for mitigation include compartmentalizing and setting up safe areas by drawing trust boundaries for the data