Base weakness

Draft

CWE-215: Insertion of Sensitive Information Into Debugging Code

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the product is operating in a production environment, then this sensitive information may be exposed to attackers.

CWE-215: Insertion of Sensitive Information Into Debugging Code

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-215?

What CVEs are caused by CWE-215?

Is CWE-215 part of the OWASP Top 10?

How do you prevent CWE-215?

How is CWE-215 detected?

What are the consequences of CWE-215?

Is CWE-215 actively exploited?

References

Stay ahead of CWE-215

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-215?

What CVEs are caused by CWE-215?

Is CWE-215 part of the OWASP Top 10?

How do you prevent CWE-215?

How is CWE-215 detected?

What are the consequences of CWE-215?

Is CWE-215 actively exploited?

References

Stay ahead of CWE-215