Base weakness

Incomplete

CWE-540: Inclusion of Sensitive Information in Source Code

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.

CWE-540: Inclusion of Sensitive Information in Source Code

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Frequently asked questions

What is CWE-540?

What CVEs are caused by CWE-540?

How do you prevent CWE-540?

How is CWE-540 detected?

What are the consequences of CWE-540?

Is CWE-540 actively exploited?

References

Stay ahead of CWE-540

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-540?

What CVEs are caused by CWE-540?

How do you prevent CWE-540?

How is CWE-540 detected?

What are the consequences of CWE-540?

Is CWE-540 actively exploited?

References

Stay ahead of CWE-540