If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.
Extended Description
N/A
ThreatScore
Threat Mapped score: 3.25
Industry: Financial
Threat priority: P2 - Serious (High)
Observed Examples (CVEs)
No observed examples available.
Related Attack Patterns (CAPEC)
N/A
Attack TTPs
N/A
Modes of Introduction
Phase: Implementation (Note: N/A)
Common Consequences
Impact: Read Application Data — Notes:
Potential Mitigations
Architecture and Design: Do not store sensitive information in include files. (N/A)
Architecture and Design: Protect include files from being exposed. (N/A)
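One way to audit for both mitigations, as an added example that is not part of the original entry: the script walks a document root and reports credential-like assignments in files whose extension the web server would return as plain text. The extension set, the identifier pattern, the function names and the PHP-style sample files are all assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: extensions the server returns as plain text instead of executing.
TEXT_SERVED_EXTENSIONS = {".inc", ".bak", ".old", ".txt"}
# Assumption: identifier fragments that suggest a stored credential.
CREDENTIAL_RE = re.compile(
    r"\b(\w*(?:pass|pwd|secret|user)\w*)\s*(?:=>|=|:)\s*['\"][^'\"]+['\"]",
    re.IGNORECASE,
)


def find_exposed_includes(doc_root):
    """Return sorted (relative path, line number, identifier) for credential-like
    assignments in text-served files; the secret value is never reported."""
    findings = []
    for dirpath, _dirs, files in os.walk(doc_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_SERVED_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    match = CREDENTIAL_RE.search(line)
                    if match:
                        rel = os.path.relpath(path, doc_root)
                        findings.append((rel, line_no, match.group(1)))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed document root (PHP-style syntax, placeholder values)."""
    samples = {
        "database.inc": "<?php\n$dbuser = 'app';\n$dbpass = 'constructed-not-real';\n",
        "index.php": "<?php $dbpass = 'constructed-not-real'; ?>\n",
        os.path.join("includes", "layout.inc"): "<?php $title = 'Home'; ?>\n",
    }
    for rel, body in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding in find_exposed_includes(root):
            print(finding)
```

A finding means the file should either lose the credential or move outside the document root; `index.php` is not flagged because an interpreted extension is executed rather than returned as source.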
Applicable Platforms
None listed.
Demonstrative Examples
Intro: The following code uses an include file to store database credentials: