CWE-540: Inclusion of Sensitive Information in Source Code

BaseIncomplete

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

View on MITRE
Back to CWE Lookup

Extended Description

There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.

Technical Details

Structure
Simple

Applicable To

Languages
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-540

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references

CWE-540: Inclusion of Sensitive Information in Source Code | CWE Lookup | Inventive HQ