CWE-202: Exposure of Sensitive Information Through Data Queries

Description

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE

Extended Description

In situations where data should not be tied to individual users, but a large number of users should be able to make queries that "scrub" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.

Example Vulnerable Codes

Example - 1

See the book Translucent Databases for examples.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-201: Insertion of Sensitive Information Into Sent Data

Go to

CWE-1230: Exposure of Sensitive Information Through Metadata

Go to

Visit http://cwe.mitre.org/ for more details.