CWE-541: Inclusion of Sensitive Information in an Include File
If the source of an include file is accessible, anyone who can read it can obtain whatever the file contains, which may include usernames and passwords as well as sensitive information pertaining to the application and system.
Overview
CWE-541 (Inclusion of Sensitive Information in an Include File) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-541 is exploited.
Read Application Data
Affects: Confidentiality
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-541, grouped by where in the lifecycle they apply.
Do not store sensitive information in include files.
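One way to check a code base against this mitigation, as an added example that is not part of the CWE entry: a script that walks a web root and reports include files that assign string literals to credential-like identifiers. The `.inc` extension, the identifier fragments, and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: extensions a web server may return as plain text rather than execute.
INCLUDE_EXTS = {".inc"}

# Assumption: identifier fragments that suggest a credential, assigned a string literal.
SECRET_ASSIGNMENT = re.compile(
    r"""\$?(\w*(?:pass|pwd|secret|user|login)\w*)\s*(?:=>|=|:)\s*["'][^"']+["']""",
    re.IGNORECASE,
)


def scan_include_files(root, exts=INCLUDE_EXTS):
    """Return (relative path, line number, identifier) for each hard-coded
    credential-like literal; the literal's value is deliberately not returned."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in SECRET_ASSIGNMENT.finditer(line):
                findings.append((path.relative_to(root).as_posix(), lineno, match.group(1)))
    return findings


def build_sample_tree(root):
    """Write constructed sample files (not from any real application)."""
    inc = Path(root) / "includes"
    inc.mkdir(parents=True)
    (inc / "database.inc").write_text(
        "<?php\n$dbName = 'usersdb';\n$dbUser = 'appuser';\n"
        "$dbPassword = 'constructed-not-real';\n?>\n"
    )
    # Secret read from the environment at run time: no literal in the file.
    (inc / "db_env.inc").write_text("<?php\n$dbPassword = getenv('DB_PASSWORD');\n?>\n")
    (inc / "header.inc").write_text("<html><head><title>Site</title></head>\n")


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_include_files(tmp)


if __name__ == "__main__":
    for rel_path, lineno, name in demo():
        print(f"{rel_path}:{lineno}: literal assigned to {name}")
```

Only `database.inc` is reported; the file that reads its password from the environment and the markup-only header produce no findings.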