CWE-531: Inclusion of Sensitive Information in Test Code

Description

Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.

Extended Description

N/A

ThreatScore

Threat Mapped score: 3.0

Industry: Finiancial

Threat priority: P2 - Serious (High)

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Testing	N/A

Common Consequences

Impact: Read Application Data — Notes:

Potential Mitigations

Distribution: Remove test code before deploying the application into production. (N/A)

Applicable Platforms

None listed.

Demonstrative Examples

Intro: Examples of common issues with test applications include administrative functions, listings of usernames, passwords or session identifiers and information about the system, server or application configuration.

Notes

No notes available.

← Back to CWE list