LiveActive security incident?Get immediate response
CWE Reference

CWE-212: Improper Removal of Sensitive Information Before… | Glexia

CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer) weakness overview with consequences, detection methods, mitigations, related CVEs…

Release 4.20weaknessIncomplete

Glexia's Take · Automated analysis

CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

Improper Removal of Sensitive Information Before Storage or Transfer represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

Executive Impact

  • Confidentiality: Read Files or Directories,Read Application Data: Sensitive data may be exposed to an unauthorized actor in another control sphere. This may have a wide range of secondary consequences that will depend on what data is exposed. One possibility is the exposure of system data - such as file locations, software versions, or device data - that allow an attacker to craft a specific, more effective attack. Alternately, insufficient redaction of Private Personal Information (PPI), Personally Identifiable Information (PII), or other types of information might not harm the secure operation of the product itself, but could be violations of expectations by the product's users.

Developer Pattern

CWE-212 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Automation confidence

high confidence from CWE-212, 4.20.

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Official CWE Definition

CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

Type
weakness
Abstraction
Base
Status
Incomplete
Source
MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

  • This code either generates a public HTML user information page or a JSON response containing the same user information. The programmer is careful to not display the user's e-mail address when displaying the public HTML page. However, the e-mail address is not removed from the JSON response, exposing the user's e-mail address.

Remediation

  • Requirements: Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties.
  • Architecture and Design:
  • Implementation,Operation:
  • Implementation: Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
  • Implementation: Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state.

Detection

  • Automated Static Analysis: Tools are available to analyze documents (such as PDF, Word, etc.) to look for private information such as names, addresses, etc.

Mappings

Related CVEs, CWEs, and ATT&CK context