CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Learn about CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), its security impact, exploitation methods, and prevention guidelines.
What is Exposure of Sensitive Information to an Unauthorized Actor?
• Overview: Exposure of Sensitive Information to an Unauthorized Actor occurs when sensitive data is unintentionally exposed to users or systems not authorized to access it. This could happen due to coding errors, improper data handling, or misconfigured systems. Sensitive data may include personal information, system configurations, or business secrets, among others.
• Exploitation Methods:
- Attackers can exploit this vulnerability by intercepting data during transmission or accessing improperly secured data storage.
- Common attack patterns and techniques include data scraping, network sniffing, exploiting misconfigured access controls, or leveraging error messages that reveal too much information.
• Security Impact:
- Direct consequences of successful exploitation include unauthorized access to sensitive information, leading to privacy breaches, identity theft, or data leaks.
- Potential cascading effects involve further compromise of systems, as attackers may use exposed data to conduct more sophisticated attacks.
- Business impact includes reputational damage, financial loss, regulatory penalties, and loss of customer trust.
• Prevention Guidelines:
- Specific code-level fixes involve implementing proper input validation and output encoding to prevent unintended data exposure.
- Security best practices include enforcing least privilege access, using encryption for data in transit and at rest, and regularly auditing access controls.
- Recommended tools and frameworks include static code analysis tools to detect vulnerabilities and secure coding libraries that handle sensitive data properly.
Technical Details
Likelihood of Exploit:
Affected Languages: Not Language-Specific
Affected Technologies: Mobile
Vulnerable Code Example
def get_user_profile(user_id):
    # Simulate retrieving a user profile from a database
    user_profiles = {
        1: {"name": "Alice", "email": "alice@example.com", "ssn": "123-45-6789"},
        2: {"name": "Bob", "email": "bob@example.com", "ssn": "987-65-4321"},
    }
    return user_profiles.get(user_id, "User not found")

def display_profile(user_id):
    profile = get_user_profile(user_id)
    # Vulnerable: prints the whole record, including the SSN, to any caller
    # without checking whether that caller is authorized to see it
    print(f"User Profile: {profile}")

# Example call
display_profile(1)
Explanation
The above code snippet exposes the entire user profile, including sensitive information like a Social Security Number (SSN), without verifying if the caller is authorized to view this information. This is a classic example of CWE-200, where sensitive data is exposed to potentially unauthorized users.
How to fix Exposure of Sensitive Information to an Unauthorized Actor?
To fix this vulnerability, we must ensure that only authorized actors can access sensitive information. This involves implementing access controls, such as authentication and authorization checks, and ensuring that sensitive data is not exposed to unauthorized users. In this case, the fix includes:
- Verifying the authorization status of the caller before returning sensitive information.
- Redacting or omitting sensitive fields from the output for unauthorized users.
Fixed Code Example
def get_user_profile(user_id):
    # Simulate retrieving a user profile from a database
    user_profiles = {
        1: {"name": "Alice", "email": "alice@example.com", "ssn": "123-45-6789"},
        2: {"name": "Bob", "email": "bob@example.com", "ssn": "987-65-4321"},
    }
    return user_profiles.get(user_id, "User not found")

def display_profile(user_id, is_authorized):
    profile = get_user_profile(user_id)
    if isinstance(profile, dict):
        # Check whether the caller is authorized to view sensitive information
        if not is_authorized:
            # Redact the SSN for unauthorized callers. Build a new dict rather
            # than popping from the returned one, so the stored record is never
            # modified as a side effect of displaying it.
            profile = {k: v for k, v in profile.items() if k != "ssn"}
    print(f"User Profile: {profile}")

# Example call with authorization check
display_profile(1, is_authorized=False)
Explanation
In the fixed code, we added an is_authorized parameter to the display_profile function to simulate authorization checking. If the user is not authorized, we redact the ssn field from the profile before displaying it. This ensures that sensitive information is not exposed to unauthorized actors. In a real-world scenario, the is_authorized check would be replaced with a proper authentication and authorization mechanism.
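The following is an added example, not code from the original page, showing what replacing the is_authorized flag with a real check can look like: the caller's identity and role select a per-view allow-list of fields, so a new sensitive column is hidden by default, and the stored record is never mutated. The role names, the Caller type and the sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample records standing in for a database lookup.
USER_PROFILES = {
    1: {"name": "Alice", "email": "alice@example.com", "ssn": "123-45-6789"},
    2: {"name": "Bob", "email": "bob@example.com", "ssn": "987-65-4321"},
}

# Fields each view may contain. Anything not listed is dropped, so a new
# sensitive column added to the record later is hidden by default
# (allow-list rather than the deny-list that pop("ssn") amounts to).
FIELD_ALLOWLIST = {
    "public": {"name"},
    "support": {"name", "email"},
    "self": {"name", "email", "ssn"},
    "admin": {"name", "email", "ssn"},
}

@dataclass(frozen=True)
class Caller:
    user_id: int
    role: str  # hypothetical role names: "user", "support" or "admin"

def view_for(caller: Caller, target_id: int) -> str:
    """Decide which view the caller gets: admin and support by role,
    a user sees their own full record, everyone else the public view."""
    if caller.role in ("admin", "support"):
        return caller.role
    return "self" if caller.user_id == target_id else "public"

def get_user_profile(caller: Caller, target_id: int) -> Optional[dict]:
    """Return a filtered copy of the profile, or None if it does not exist."""
    record = USER_PROFILES.get(target_id)
    if record is None:
        return None
    allowed = FIELD_ALLOWLIST[view_for(caller, target_id)]
    # Build a new dict: the stored record is never modified to redact it.
    filtered = {k: v for k, v in record.items() if k in allowed}
    # Support staff get only the last four SSN digits, enough for identity
    # verification without exposing the full value.
    if caller.role == "support" and "ssn" in record:
        filtered["ssn_last4"] = record["ssn"][-4:]
    return filtered

if __name__ == "__main__":
    print(get_user_profile(Caller(2, "user"), 1))     # {'name': 'Alice'}
    print(get_user_profile(Caller(3, "support"), 1))  # name, email, ssn_last4
```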