CWE-212: Improper Removal of Sensitive Information Before… | Glexia
CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer) weakness overview with consequences, detection methods, mitigations, related CVEs…
Glexia's Take · Automated analysis
CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
Improper Removal of Sensitive Information Before Storage or Transfer represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Confidentiality: Read Files or Directories,Read Application Data: Sensitive data may be exposed to an unauthorized actor in another control sphere. This may have a wide range of secondary consequences that will depend on what data is exposed. One possibility is the exposure of system data - such as file locations, software versions, or device data - that allow an attacker to craft a specific, more effective attack. Alternately, insufficient redaction of Private Personal Information (PPI), Personally Identifiable Information (PII), or other types of information might not harm the secure operation of the product itself, but could be violations of expectations by the product's users.
Developer Pattern
CWE-212 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Automation confidence
high confidence from CWE-212, 4.20.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Official CWE Definition
CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- This code either generates a public HTML user information page or a JSON response containing the same user information. The programmer is careful to not display the user's e-mail address when displaying the public HTML page. However, the e-mail address is not removed from the JSON response, exposing the user's e-mail address.
Remediation
- Requirements: Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties.
- Architecture and Design:
- Implementation,Operation:
- Implementation: Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
- Implementation: Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state.
Detection
- Automated Static Analysis: Tools are available to analyze documents (such as PDF, Word, etc.) to look for private information such as names, addresses, etc.
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
- CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information
- CWE-201: Insertion of Sensitive Information Into Sent Data
- CWE-669: Incorrect Resource Transfer Between Spheres
- CWE-669: Incorrect Resource Transfer Between Spheres
- CWE-226: Sensitive Information in Resource Not Removed Before Reuse
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.
