CWE-202

Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

Mitigation

Phase: Architecture and Design

Description:

  • This is a complex topic. See the [REF-1492] for a good discussion of best practices.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page