DerScanner
Home / Vulnerability Database / Python : Information leak
Python

Python : Information leak

Classification

OWASP Top 10 2013
A5-Security MisconfigurationA6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data ExposureA6-Security Misconfiguration
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure DesignA5-Security Misconfiguration
OWASP MASVS
V7: 7.4.(L1/L2/L1+R/L2+R)
OWASP ASVS
Configuration
PCI DSS 4.0
6.2.4
CWE
CWE-200CWE-209CWE-489CWE-497CWE-1031CWE-1032
CWE/SANS Top 25 2021
CWE-200

Overview

System configuration information leak is possible. This can help an attacker to create a plan of an attack.

Debug information and error messages can be written to the log, displayed to the console, or sent to the user depending on the system settings. In some cases, an attacker can make a conclusion about the system vulnerabilities from the error message. For example, a database error can indicate insecurity against SQL injection attacks. Information about the version of the operating system, server applications and system configurations can also be of value to the attacker.

References

  1. OWASP Top 10 2013-A5-Security Misconfiguration
  2. CWE-497: Exposure of System Data to an Unauthorized Control Sphere
  3. OWASP Top 10 2017-A3-Sensitive Data Exposure
  4. OWASP Top 10 2017-A6-Security Misconfiguration
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
  6. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
  7. CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  8. CWE-209: Generation of Error Message Containing Sensitive Information
  9. CWE-489
MEDIUM

DerScanner Severity Score

Do you want to fix Python : Information leak in your application?

See also

Python

Python : Debug mode on

Python

Python : Web3: Deprecated method

Python

Python : Unsafe padding