Information Leakage / Sensitive Information Leaked
Sensitive information leaked is a type of information leakage vulnerability. It refers to the unauthorized disclosure of sensitive or confidential data through an application's web or API services. It is classified as CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and is part of the OWASP Top 10 list of application security risks. The impact of this vulnerability can range from minor, such as the disclosure of an email address, to serious, such as the disclosure of personal financial information.
This vulnerability can cause serious loss, damage or harm to individuals or organizations due to the disclosure of sensitive or confidential information. The risk of this vulnerability can be high depending on the type of information that is leaked. The attacker may be able to use the information for malicious purposes such as identity theft, blackmail or fraud.
The best way to address this vulnerability is to ensure that sensitive or confidential information is not stored in the application. Alternatively, the application can be configured to securely store and encrypt sensitive data. Additionally, proper authentication, authorization and access control measures should be taken to ensure that only authorized users are able to access sensitive data.
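One way to apply the access-control advice above at the API boundary is a default-deny, per-audience field allow-list, shown here as an added example that is not part of the original page. The field names, roles, and sample record are hypothetical and constructed for illustration.

```python
# Added example: field-level allow-list for an API response (hypothetical names).

# Fields each audience may receive. Anything not listed is never returned,
# so a newly added column (e.g. password_hash) cannot leak by default.
FIELD_POLICY = {
    "public": {"id", "display_name"},
    "support": {"id", "display_name", "email"},
    "owner": {"id", "display_name", "email", "iban"},
}

# Fields that are shown only partially, even to an authorized viewer.
MASKERS = {
    "iban": lambda v: v[:4] + "*" * (len(v) - 8) + v[-4:],
}


def audience_for(record, viewer_id, roles):
    """Derive the audience from the authenticated identity, never from request input."""
    if viewer_id is not None and viewer_id == record["id"]:
        return "owner"
    if "support" in roles:
        return "support"
    return "public"


def serialize_user(record, viewer_id=None, roles=frozenset()):
    """Return only the fields the viewer's audience is allowed to see."""
    allowed = FIELD_POLICY[audience_for(record, viewer_id, roles)]
    out = {}
    for name in sorted(allowed):
        if name in record:
            value = record[name]
            out[name] = MASKERS[name](value) if name in MASKERS else value
    return out


# Constructed sample record, as it might come back from the data layer.
SAMPLE = {
    "id": 7,
    "display_name": "alice",
    "email": "alice@example.test",
    "iban": "DE00123456789012345678",
    "password_hash": "<constructed placeholder>",
}

if __name__ == "__main__":
    print(serialize_user(SAMPLE))                                  # anonymous caller
    print(serialize_user(SAMPLE, viewer_id=7))                     # account owner
    print(serialize_user(SAMPLE, viewer_id=9, roles={"support"}))  # support staff
```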