CWE-540

Inclusion of Sensitive Information in Source Code

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

Mitigation

Phases: Architecture and Design, System Configuration

Description:

  • Recommendations include removing this script from the web server and moving it to a location not accessible from the Internet.

No CAPEC attack patterns related to this CWE.
