CWE-211: Externally-Generated Error Message Containing Sensitive Information
Learn about CWE-211 (Externally-Generated Error Message Containing Sensitive Information), its security impact, exploitation methods, and prevention guidelines.
What is Externally-Generated Error Message Containing Sensitive Information?
• Overview: This vulnerability occurs when software allows external systems, like programming language interpreters, to generate error messages that contain sensitive information. Developers may not have control over these messages, which could inadvertently expose critical system details.
• Exploitation Methods:
- Attackers can trigger errors intentionally by manipulating inputs to make the system generate error messages.
- Common techniques include injecting unexpected data or exploiting poorly handled exceptions to provoke revealing error messages.
• Security Impact:
- Direct consequences include the exposure of sensitive system information such as file paths, configuration details, or database structures.
- Potential cascading effects include enabling further attacks like SQL injection or privilege escalation by providing attackers with system insights.
- Business impact may involve data breaches, loss of customer trust, legal liabilities, and financial losses.
• Prevention Guidelines:
- Specific code-level fixes include sanitizing inputs and using try-catch blocks to handle errors gracefully without exposing sensitive details.
- Security best practices involve logging errors internally rather than displaying them to users, and ensuring error messages are generic and non-descriptive.
- Recommended tools and frameworks include using error handling libraries that centralize and sanitize error messages, and security-focused logging frameworks to manage error information securely.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: PHP, Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
PHP Example
// Vulnerable code that may reveal sensitive system information
try {
// Simulate an operation that may fail, such as a database query
\$result = \$pdo->query("SELECT * FROM users WHERE id = \$userId");
// If the query fails, an exception is thrown
} catch (PDOException \$e) {
// Directly exposing database error message can reveal sensitive information
echo "An error occurred: " . \$e->getMessage(); // Vulnerable line
}
Explanation:
- The code above catches exceptions thrown by the PDO object. However, it handles the error by directly echoing the exception message, which can contain sensitive information such as SQL errors, database structure, or even data that should not be exposed to the user.
How to fix Externally-Generated Error Message Containing Sensitive Information?
To fix this vulnerability:
- Avoid Direct Exposure: Do not display raw error messages to the end user as they may contain sensitive information.
- Log the Detailed Error: Store the detailed error message in a secure log file that is accessible only to administrators.
- Generic Error Message: Display a generic error message to the user to hide technical details.
- Use Error Handling Libraries: Utilize error handling libraries or frameworks that provide mechanisms to log errors safely and display user-friendly messages.
Fixed Code Example
// Fixed code with proper error handling
try {
// Attempt to execute a potentially failing operation
\$result = \$pdo->query("SELECT * FROM users WHERE id = \$userId");
} catch (PDOException \$e) {
// Log the detailed error message for administrative purposes
error_log("Database error: " . \$e->getMessage()); // Log detailed error
// Display a generic error message to the user
echo "An unexpected error occurred. Please try again later."; // User-friendly message
}
Explanation:
- Logging: Instead of displaying the error message, we log it using
error_log(). This ensures that the error details are captured for diagnostics without exposing them to the user. - User-Friendly Message: We provide a generic message to the user, ensuring they are informed of an issue without revealing sensitive details.
- Security: This approach protects sensitive information while still allowing for the identification and resolution of issues through logged errors.