Corgea LogoCorgea Security Hub

CWE-214: Invocation of Process Using Visible Sensitive Information

Learn about CWE-214 (Invocation of Process Using Visible Sensitive Information), its security impact, exploitation methods, and prevention guidelines.

What is Invocation of Process Using Visible Sensitive Information?

• Overview: This vulnerability occurs when a process is invoked with sensitive information, such as passwords or keys, in a form that is visible to other processes on the operating system. This can include command-line arguments or environment variables that are not properly secured.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by inspecting process information, which is often accessible through system utilities or APIs that list running processes.
  • Common attack patterns include scanning for processes with sensitive command-line arguments or environment variables and using this information to gain unauthorized access.

• Security Impact:

  • Direct consequences include unauthorized access to sensitive data, such as credentials, which can lead to further exploitation.
  • Potential cascading effects include lateral movement within the network, data breaches, and compromised user accounts.
  • Business impact can range from loss of customer trust to legal liabilities and financial loss due to data breaches.

• Prevention Guidelines:

  • Avoid passing sensitive information via command-line arguments or environment variables. Use secure methods such as configuration files with appropriate access controls.
  • Employ security best practices such as least privilege, ensuring only authorized users have access to process information.
  • Use recommended tools and frameworks that emphasize secure storage and transmission of sensitive data, such as secure vaults and configuration management systems.
Corgea can automatically detect and fix Invocation of Process Using Visible Sensitive Information in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

Python Example

import subprocess

def run_backup(password):
    # Vulnerable: Passing sensitive information such as passwords directly in command-line arguments
    command = f"backup_tool --password={password} --action=backup"
    subprocess.run(command, shell=True)  # This makes the password visible to other processes

Explanation of Vulnerability:

  • Sensitive Data Exposure: The password is included directly in the command-line arguments, making it visible to other processes on the system.
  • Potential Risks: Any user with access to process listing commands (like ps on Unix/Linux) can potentially see the password.

How to fix Invocation of Process Using Visible Sensitive Information?

To fix this vulnerability, the sensitive information should not be passed directly in command-line arguments. Instead, use environment variables or configuration files with proper access controls to supply sensitive data. Additionally, use process control APIs that allow passing arguments securely.

Specific Fixes:

  1. Use Environment Variables: Set sensitive information like passwords via environment variables that are not exposed to process listings.
  2. Avoid Shell=True: Use the subprocess module without shell=True to avoid shell injection vulnerabilities and to securely pass arguments.
  3. Secure Configuration: Store sensitive information in a secure configuration or secret management system.

Fixed Code Example

import subprocess
import os

def run_backup(password):
    # Fixed: Use environment variables to securely pass the password
    env = os.environ.copy()
    env['BACKUP_PASSWORD'] = password  # Set the password as an environment variable

    # Securely run the backup tool without exposing the password in command-line arguments
    subprocess.run(['backup_tool', '--action=backup'], env=env)

# Further improvement: Use a secrets management tool or configuration files with proper access controls

Explanation of Fix:

  • Environment Variable: The password is set in an environment variable, which is not exposed in process command-line arguments.
  • No Shell=True: This avoids the shell's involvement, preventing the risk of shell injection and further hiding sensitive data.
  • Best Practices: Consider using a dedicated secrets management service or encrypted configuration files to handle sensitive information securely.

Additional Recommendations:

  • Secrets Management: For production systems, use a secrets management tool such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault to store and retrieve sensitive information.
  • Access Controls: Ensure that only authorized users and processes have access to the environment variables or configuration files that contain sensitive information.
Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-214: Invocation of Process Using Visible Sensitive Information and get remediation guidance

Start for free and no credit card needed.