If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.
View on MITREDo not store sensitive information in include files.
Protect include files from being exposed.
No detection method information available for this CWE.
The following code uses an include file to store database credentials:
database.inc
The following code uses an include file to store database credentials:
database.inc
CWE-541: Inclusion of Sensitive Information in an Include File is a Common Weakness Enumeration (CWE) entry maintained by MITRE. If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.
If exploited, CWE-541 (Inclusion of Sensitive Information in an Include File) it can compromise Confidentiality, leading to outcomes such as Read Application Data.
Recommended mitigations for CWE-541 include: Do not store sensitive information in include files. Protect include files from being exposed.
A CWE (Common Weakness Enumeration) like CWE-541 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.