DerScanner
Home / Vulnerability Database / Config files : Privacy violation
Config files

Config files : Privacy violation

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic Failures
OWASP MASVS
V2: 2.3.(L1/L2/L1+R/L2+R)V2: 2.4.(L1/L2/L1+R/L2+R)V2: 2.10.(L2/L2+R)
OWASP ASVS
Data Protection
HIPAA
§164.312 (a)(1)
CWE
CWE-319CWE-359CWE-1032

Overview

Privacy of personal user data may be violated. This can break the law and harm the reputation of the application.

Valuable personal data may get into the application from a variety of sources: directly from the user, from a database, from a third party storage. Often, this data is not marked as confidential or are valuable not by itself but only in a certain context.

Often, security and privacy of personal data conflict. From a security perspective, it is necessary to record information on all the activities in the system as detailed as possible, to later reveal traces of malicious actions. From the standpoint of privacy, on the contrary, the confidential information logging increases the risk of its leak. In this case, privacy should have a higher priority.

References

  1. OWASP Top 10 2013-A6-Sensitive Data Exposure
  2. CWE-359: Exposure of Private Information (‘Privacy Violation’)
  3. OWASP Top 10 2017-A3-Sensitive Data Exposure
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : Privacy violation in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection