|
gptkbp:instance_of
|
gptkb:Common_Weakness_Enumeration
|
|
gptkbp:affects
|
APIs
Mobile Applications
Web Applications
|
|
gptkbp:associated_with
|
gptkb:OWASP_Top_Ten
|
|
gptkbp:category
|
gptkb:security
|
|
gptkbp:description
|
The software does not properly protect sensitive information from being accessed by unauthorized users.
|
|
gptkbp:difficulty_levels
|
gptkb:High
|
|
gptkbp:example
|
Data Breach
A web application that displays sensitive user information in error messages.
|
|
gptkbp:has_weakness
|
gptkb:CWE-22
gptkb:CWE-601
gptkb:CWE-209
gptkb:CWE-312
gptkb:CWE-319
gptkb:CWE-327
gptkb:CWE-353
gptkb:CWE-611
gptkb:CWE-77
gptkb:CWE-94
gptkb:CWE-89
gptkb:CWE-20
CWE-78
CWE-798
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
CWE-200
|
|
gptkbp:impact
|
Unauthorized access to sensitive information.
|
|
gptkbp:name
|
Information Exposure
|
|
gptkbp:prevention
|
Implement logging and monitoring.
Implement proper access controls.
Regular security audits.
Sanitize error messages.
Use encryption for sensitive data.
User training on data privacy.
|
|
gptkbp:related_to
|
gptkb:CWE-22
gptkb:CWE-201
gptkb:CWE-284
gptkb:CWE-326
|
|
gptkbp:bfsParent
|
gptkb:CWE-20
|
|
gptkbp:bfsLayer
|
7
|