DerScanner
Home / Vulnerability Database / Android : Internal information leak
Android

Android : Internal information leak

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Mobile Top 10 2016
M2-Insecure Data Storage
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP MASVS
V7: 7.4.(L1/L2/L1+R/L2+R)V2: 2.1.(L1/L2/L1+R/L2+R)V2: 2.3.(L1/L2/L1+R/L2+R)
OWASP ASVS
ConfigurationError Handling and LoggingError Handling and Logging
CWE
CWE-200CWE-312CWE-313CWE-319CWE-359CWE-497CWE-532CWE-732
CWE/SANS Top 25 2011
CWE-732
CWE/SANS Top 25 2021
CWE-200CWE-732

Overview

Confidential information in cleartext was written to the system logs.

In this case, we are talking about an internal leak: confidential information is written to the local file/event logs.

References

  1. CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  2. CWE-497: Exposure of System Data to an Unauthorized Control Sphere
  3. OWASP Top 10 2017-A3-Sensitive Data Exposure
  4. CWE-532: Insertion of Sensitive Information into Log File
  5. Logs for Sensitive Data
MEDIUM

DerScanner Severity Score

Do you want to fix Android : Internal information leak in your application?

See also

Android

Android : Debug mode on

Android

Android : Error handling: generic exception

Android

Android : HTTP usage